April 27, 2021
Severity
High
Analysis Summary
Apple is currently facing one of the worst exploits the company has seen in all its years. Malicious actors can create, and have created, malware capable of privilege escalation, remote code execution, denial of service (DoS), information disclosure, and security bypass. A logic error in macOS code lets attackers skip the security checks performed by Apple's protection mechanisms such as File Quarantine and Gatekeeper, and it can be exploited to run malicious, unapproved apps on Apple devices.
Attackers exploit the vulnerability by creating a specially crafted app that users unwittingly download or run. Although macOS normally asks the user before an app may access the microphone, photos, or other protected resources, and before any changes are made to critical system files, the vulnerability allows a crafted app to bypass those prompts entirely.
The vulnerability is being exploited in the wild by the Shlayer adware dropper: a Shlayer variant used the zero-day to install adware on Macs. Jaron Bradley, a Mac expert at the cybersecurity company Jamf, added that “Shlayer continues to be one of the most active and prevalent malware families for macOS.”
CVE-2021-30655
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to execute arbitrary code on the system. The flaw is a permissions logic issue in the Wi-Fi component. An attacker can run a specially crafted program to exploit it and execute arbitrary code with system privileges.
CVE-2021-1876
A vulnerability in Apple macOS Big Sur allows a remote attacker to execute arbitrary code on the system. The flaw is a use-after-free issue in the NSRemoteView component. An attacker can send a specially crafted request to exploit it and execute arbitrary code with system privileges.
CVE-2021-1859
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to obtain sensitive information. The flaw is a logic issue in the Notes component. An attacker can send a specially crafted request to exploit it and read the content of locked Notes. The obtained information can be used to launch further attacks on the system.
CVE-2021-1853
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to gain elevated privileges on the system. The flaw is a logic issue in the APFS component. An attacker can send a specially crafted request to exploit it and gain elevated privileges.
CVE-2021-1847
A vulnerability in Apple macOS Big Sur allows a remote attacker to execute arbitrary code on the system. The flaw is a memory corruption issue in the CoreGraphics component. An attacker can persuade a victim to open specially crafted content to exploit it and execute arbitrary code or crash the application.
CVE-2021-1841
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to execute arbitrary code on the system. The flaw is an out-of-bounds write issue in the Intel Graphics Driver component. An attacker can run a specially crafted application to exploit it and execute arbitrary code with kernel privileges.
CVE-2021-1839
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to execute arbitrary code on the system. The flaw is a permissions logic issue in the Wi-Fi component. An attacker can run a specially crafted program to exploit it and execute arbitrary code with system privileges.
CVE-2021-1834
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to execute arbitrary code on the system. The flaw is an out-of-bounds write issue in the Intel Graphics Driver component. An attacker can run a specially crafted application to exploit it and execute arbitrary code with kernel privileges.
CVE-2021-1829
A vulnerability in Apple macOS Big Sur allows a locally authenticated attacker to execute arbitrary code on the system. The flaw is a type confusion issue in the Wi-Fi component. An attacker can run a specially crafted application to exploit it and execute arbitrary code on the system.
CVE-2021-1828
Apple macOS Big Sur is vulnerable to a denial-of-service attack. The flaw is a memory corruption issue in the Wi-Fi component. A remote attacker can exploit it to cause unexpected system termination or write to kernel memory.
Impact
- Privilege Escalation
- Bypass Privacy Preferences
- Execute Arbitrary Code
- Read Restricted Memory
- Disclose Sensitive User Information
- Data Breach
- Denial of Service
Affected Vendors
Apple
Affected Products
macOS Big Sur prior to 11.3
Remediation
Update to macOS Big Sur 11.3, the patch released today, as described at https://support.apple.com/en-us/HT212325
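As an added defender-side check, not part of the Rewterz advisory, this POSIX shell script compares a host's macOS product version against the fixed release the advisory names, Big Sur 11.3, using a field-by-field numeric comparison so that 11.2.3 and 11.10 are ordered correctly. It assumes `sw_vers -productVersion` is available to read the installed version on macOS; on other systems it runs against a constructed sample value.

```shell
#!/bin/sh
# Added example (not from the Rewterz advisory): report whether a host is on a
# macOS Big Sur build in the advisory's affected range (Big Sur prior to 11.3).
# Assumption: `sw_vers -productVersion` is the source of the installed version.

FIXED_VERSION="11.3"

# version_lt A B : return 0 if dotted numeric version A is strictly lower than B.
# A trailing dot is appended so `cut` always sees a delimiter; missing fields
# count as 0 (so 11.3 == 11.3.0 and 11.3.1 > 11.3).
version_lt() {
    a="$1"; b="$2"; i=1
    while :; do
        fa=$(printf '%s.' "$a" | cut -d. -f"$i")
        fb=$(printf '%s.' "$b" | cut -d. -f"$i")
        if [ -z "$fa" ] && [ -z "$fb" ]; then
            return 1          # every field compared equal
        fi
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
        i=$((i + 1))
    done
}

# verdict V : print "affected", "patched" or "not-big-sur" for product version V.
# Only Big Sur (major version 11) below 11.3 is in scope of this advisory; other
# major versions are reported as out of scope, with no claim made about them.
verdict() {
    v="$1"
    major=$(printf '%s.' "$v" | cut -d. -f1)
    if [ "$major" != "11" ]; then
        echo "not-big-sur"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "patched"
    fi
}

# Read the live host version on macOS; elsewhere fall back to a constructed
# sample value so the script can be exercised on any POSIX system.
if command -v sw_vers >/dev/null 2>&1; then
    installed=$(sw_vers -productVersion)
else
    installed="11.2.3"    # constructed sample, not a real host reading
fi
printf 'macOS %s: %s (fix: Big Sur %s, https://support.apple.com/en-us/HT212325)\n' \
    "$installed" "$(verdict "$installed")" "$FIXED_VERSION"
```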