Security News > 2021 > May > Apple Patches macOS Big Sur Vulnerability Exploited by Malware
Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks.
Security researchers with Jamf, a firm that specializes in enterprise management software for Apple devices, say that the vulnerability has been actively exploited by the XCSSET malware, which infects Xcode projects to target Mac developers.
Apple describes the zero-day vulnerability as a bypass in Privacy preferences that a malicious application may exploit.
Over 70 other vulnerabilities were addressed in macOS Big Sur, more than half of which were also addressed with software updates for macOS Catalina and macOS Mojave.
Apple also addressed more than 40 vulnerabilities with the release of iOS 14.6 and iPadOS 14.6, and also pushed out security updates for tvOS and watchOS, each with patches for more than 20 bugs.
Details on the newly released software updates and the vulnerabilities they address can be found on Apple's security updates page.
News URL
Related news
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- The XCSSET info-stealing malware is back, targeting macOS users and devs (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)