Home Latest Cyber Security News | Network Security Hacking Apple Patched Three Actively Exploited Zero-Day Bugs In macOS/tvOS
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Apple Patched Three Actively Exploited Zero-Day Bugs In macOS/tvOS

by Abeerah Hashim
written by Abeerah Hashim
Apple iOS macOS zero-day vulnerabilities

Apple has recently addressed three serious zero-day bugs in macOS and tvOS that were under attack before a fix was deployed.

Zero-Day Bugs In macOS/tvOS

Specifically, Apple has addressed two zero-day bugs in tvOS and one zero-day in macOS under active exploitation.

According to their advisory, one of the two bugs in tvOS include CVE-2021-30663 – an integer overflow vulnerability in Apple WebKit. Exploiting this bug could allow an adversary to execute arbitrary codes on the target device.

Whereas, the second vulnerability, CVE-2021-30665, was a memory corruption issue in WebKit. This vulnerability also allowed arbitrary code execution upon exploitation.

Apple has fixed both these bugs, together with many other vulnerabilities with the release of tvOS 14.5. The updates are available for Apple TV4K and Apple TV HD.

Regarding the third zero-day, it specifically affected the macOS Big Sur. As explained in their advisory, this vulnerability, CVE-2021-30713, could allow an app to bypass Privacy preferences due to permission issue.

Together with other vulnerabilities, Apple has fixed the bug with macOS Big Sur 11.4.

macOS Zero-Day Under Attack By XCSSET malware

Apple has confirmed the active exploitation of the three zero-days in its advisories. While it hasn’t shared many details about it. Yet, Jamf Protect has elaborated in a blog post that the XCSSET malware actively exploited this TCC bypass bug.

The vulnerability basically allows an adversary to gain access to screen recording, disk access, and other permissions. That’s what the malware abused it for.

XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.

The researchers caught this malware abusing the flaw after observing a surge in the malware variants in the wild.

XCSSET isn’t a new malware. Rather it has undergone numerous improvements thereby producing new variants.

Apple users should rush to update their devices, particularly Macs, to avoid potential attacks via zero-day exploits.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...