Google researchers discovered zero-day affecting macOS devices that could allow recording keystrokes or screen grabs. While Apple has patched the flaw, the tech giant confirmed to have detected active exploits for it in the wild.
macOS Zero-Day Vulnerability
Researchers from Google Threat Analysis Group and Google Project Zero reported a serious macOS zero-day vulnerability to Apple.
As described in Apple’s advisory, exploiting this vulnerability could allow a malicious app to execute arbitrary codes with kernel privileges. Apple described this flaw (CVE-2021-30869) as a type confusion vulnerability that it fixed with improved state handling.
The tech giant also confirmed the zero-day status of this bug.
Apple is aware of reports that an exploit for this issue exists in the wild.
Elaborating further on it in a blog post, TAG researchers mentioned it as a “watering hole” vulnerability. They found this vulnerability under attack in August 2021, following which they reached out to Apple.
The researchers noticed well-organized threat actors exploiting this bug to target Hong Kong websites.
In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group…
Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code.
As observed, the websites that the threat actors used for the attack contained two iframes serving the exploits from the attackers’ server. These included an exploit for iOS and macOS, each with some differences.
These exploits delivered payload to the target device – a backdoor executing numerous tasks for the attackers. These functionalities include file upload/download, screengrabs, keylogging, audio recording, fingerprinting target devices, and executing terminal commands.
Since the patches are out for macOS Catalina, users must ensure updating their systems at the earliest.
Let us know your thoughts in the comments.