On Monday, May 24th, Apple released a security update for macOS, iOS, tvOS, and watchOS, adding fixes for 58 vulnerabilities. CVE-2021-30664 and CVE-2021-30665 involve WebKit on Apple TV 4K and Apple TV HD devices and allow maliciously crafted content to obtain arbitrary code execution on affected devices.
CVE-2021-30713 is a bypass of Transparency, Consent, and Control (TCC) impacting macOS Big Sur, which attackers can exploit for privilege escalation without requiring user interaction. This flaw allows attackers full disk access, including control of screen recording and microphone access. What’s more, XCSSET, which was discovered earlier this year, is actively exploiting this vulnerability along with a Gatekeeper bypass, which is still possible today.