Security News > 2021 > November > Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines.
"Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.
Tracked as CVE-2021-30869, the security shortcoming concerns a type confusion vulnerability affecting the XNU kernel component that could cause a malicious application to execute arbitrary code with the highest privileges.
The attacks observed by TAG involved an exploit chain that strung together CVE-2021-1789, a remote code execution bug in WebKit that was fixed in February 2021, and the aforementioned CVE-2021-30869 to break out of the Safari sandbox, elevate privileges, and download and execute a second stage payload dubbed "MACMA" from a remote server.
The websites, which contained malicious code to serve exploits from an attacker-controlled server, also acted as a watering hole to target iOS users, albeit using a different exploit chain delivered to the victims' browser.
Google TAG said it was only able to recover a part of the infection flow, where a type confusion bug was used to gain code execution in Safari.
News URL
https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- Hackers use macOS extended file attributes to hide malicious code (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30869 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved state handling. | 7.8 |
2021-04-02 | CVE-2021-1789 | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved state handling. | 8.8 |