Security News > 2021 > November > Mac Zero Day Targets Apple Devices in Hong Kong

Since at least late August, attackers have been using flaws in macOS and iOS - including in-the-wild use of what was then a zero-day flaw - to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites.

In other words, the threat actors threaded malware into the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong, according to TAG. The victims' devices were inflicted with what was then a zero day, plus another exploit that used a previously patched vulnerability for macOS that was used to install a backdoor on their computers, according to TAG's report.

In the case of the Hong Kong-focused campaign, exploit led to the installation of a backdoor that has an eye-watering list of surveillance capabilities, including capturing the fingerprints of victims' devices, screen captures, file download/upload, executing terminal commands, audio recording and keylogging.

The campaign, which had gone on for more than two years, similarly used vulnerabilities - two of them being zero days, including an iPhone zero day, in an attack chain that relied on a total of 14 flaws - in indiscriminate watering-hole attacks on site visitors.

The exploit chain for macOS combined a remote-code execution weakness in WebKit and the zero day, CVE-2021-30869.

Both the Hong Kong watering-hole attacks and NSO Group tools rely on use of zero days before vendors or the public know anything about them.

News URL

https://threatpost.com/mac-zero-day-apple-hong-kong/176300/