Security News > 2021 > November > Mac Zero Day Targets Apple Devices in Hong Kong
Since at least late August, attackers have been using flaws in macOS and iOS - including in-the-wild use of what was then a zero-day flaw - to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites.
In other words, the threat actors threaded malware into the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong, according to TAG. The victims' devices were inflicted with what was then a zero day, plus another exploit that used a previously patched vulnerability for macOS that was used to install a backdoor on their computers, according to TAG's report.
In the case of the Hong Kong-focused campaign, exploit led to the installation of a backdoor that has an eye-watering list of surveillance capabilities, including capturing the fingerprints of victims' devices, screen captures, file download/upload, executing terminal commands, audio recording and keylogging.
The campaign, which had gone on for more than two years, similarly used vulnerabilities - two of them being zero days, including an iPhone zero day, in an attack chain that relied on a total of 14 flaws - in indiscriminate watering-hole attacks on site visitors.
The exploit chain for macOS combined a remote-code execution weakness in WebKit and the zero day, CVE-2021-30869.
Both the Hong Kong watering-hole attacks and NSO Group tools rely on use of zero days before vendors or the public know anything about them.
News URL
https://threatpost.com/mac-zero-day-apple-hong-kong/176300/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30869 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved state handling. | 7.8 |