Rewterz Threat Advisory – Three Zero-Day Vulnerabilities Fixed by Apple

Severity

High

Analysis Summary

Three macOS and tvOS zero-days were being exploited in the wild by attackers. Threat actors were using the XCSSET malware to bypass macOS privacy protections. Although Apple acknowledged that it was aware of the zero-day vulnerabilities being exploited in the wild, it did not provide any information on the victims or the threat actors.

Threat actors could exploit two of the vulnerabilities using maliciously crafted web content, which would trigger arbitrary code execution on unpatched devices due to a memory corruption issue.

CVE-2021-30713

The macOS Big Sur vulnerability allows a malicious user to bypass privacy preferences. This vulnerability was also actively exploited, and Apple subsequently addressed it with improved validation.

“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” said researchers at Jamf.

Impact

  • Bypass Privacy Preferences
  • Arbitrary Code Execution

Affected Vendor

Apple

Affected Product

macOS Big Sur prior to 11.3

Remediation

For the latest security patches and updates visit https://support.apple.com/en-us/HT201222