Security News > 2021 > November > Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines.
"Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.
Tracked as CVE-2021-30869, the security shortcoming concerns a type confusion vulnerability affecting the XNU kernel component that could cause a malicious application to execute arbitrary code with the highest privileges.
The attacks observed by TAG involved an exploit chain that strung together CVE-2021-1789, a remote code execution bug in WebKit that was fixed in February 2021, and the aforementioned CVE-2021-30869 to break out of the Safari sandbox, elevate privileges, and download and execute a second stage payload dubbed "MACMA" from a remote server.
The websites, which contained malicious code to serve exploits from an attacker-controlled server, also acted as a watering hole to target iOS users, albeit using a different exploit chain delivered to the victims' browser.
Google TAG said it was only able to recover a part of the infection flow, where a type confusion bug was used to gain code execution in Safari.
News URL
https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html
Related news
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30869 | Type Confusion vulnerability in Apple products A type confusion issue was addressed with improved state handling. | 7.8 |
2021-04-02 | CVE-2021-1789 | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved state handling. | 8.8 |