Apple Fixes macOS Zero-Day Vulnerability Exploited by XCSSET macOS Malware

Apple has released security updates for several of its products, including a patch for three zero-day vulnerabilities in macOS and tvOS. The patch includes a fix for a zero-day vulnerability that the XCSSET malware group had been exploiting in the wild for almost a year.
Apple said it was aware of allegations that the security flaws “may have been actively exploited” in all three cases, but it didn’t go into detail about the attacks or the threat actors who might have exploited the zero-days.
WebKit on Apple TV 4K and Apple TV HD devices is affected by two of the three zero-days (CVE-2021-30663 and CVE-2021-30665). WebKit is an HTML rendering engine used by Apple’s web browsers and applications on its desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS. Threat actors might use maliciously crafted web content to exploit the two vulnerabilities, which would allow arbitrary code execution on unpatched devices due to a memory corruption issue.
The third zero-day (CVE-2021-30713) is a permission issue found in the Transparency, Consent, and Control (TCC) framework that affects macOS Big Sur devices. The TCC framework is a macOS subsystem that prevents installed applications from accessing sensitive user data without asking the user for explicit permission via a pop-up message. A maliciously crafted application could be used to exploit this issue, bypassing privacy settings and gaining access to sensitive user data.
While Apple didn’t provide much detail about how the three zero-days were exploited in attacks, Jamf researchers found that the patched macOS zero-day (CVE-2021-30713) was leveraged by the XCSSET malware to get around Apple’s TCC privacy protections.
According to the researchers, “the exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior.” 
“We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during the additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.” 
Trend Micro’s Mac Threat Response and Mobile Research teams first detected XCSSET in August 2020. According to the researchers, the vulnerability can be used to provide malicious applications with permissions such as disk access and screen recording. As a result of this, threat actors will be able to take screenshots of affected PCs. 
Last month, Trend Micro discovered a new XCSSET version that was upgraded to work with the newly launched Apple-designed ARM Macs. The CVE-2021-30713 vulnerability was discovered shortly after Craig Federighi, Apple’s head of software, stated that macOS has an “unacceptable” level of malware, which he linked to the diversity of software sources.
Earlier this month, Apple addressed two iOS zero-days in the WebKit engine that allowed arbitrary remote code execution (RCE) on vulnerable devices solely by visiting malicious websites. In addition, Apple has been releasing patches for a number of zero-day bugs that have been exploited in the wild in recent months, including one that was resolved in macOS in April and a slew of other iOS vulnerabilities that were fixed in previous months.

Source: https://www.ehackingnews.com/2021/05/apple-fixes-macos-zero-day.html
