Cybercrime

Apple Patches macOS Big Sur Vulnerability Exploited by Malware

Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks.

Ionut Arghire

May 25, 2021

Tracked as CVE-2021-30713, the exploited bug has been described as a bypass of the Transparency Consent and Control (TCC) protections, which control what resources applications have access to. An attacker can exploit it to access data on disk, to record the screen, and gain additional permissions without user interaction.

Security researchers with Jamf, a firm that specializes in enterprise management software for Apple devices, say that the vulnerability has been actively exploited by the XCSSET malware, which infects Xcode projects to target Mac developers.

Initially detailed in August 2020, the malware was designed to steal sensitive data and to launch ransomware attacks. In March 2021, Kaspersky discovered that XCSSET had been updated to also target devices powered by Apple’s M1 chip, which was unveiled in November 2020.

Apple describes the zero-day vulnerability as a bypass in Privacy preferences that a malicious application may exploit. The company says it has improved validation to address the issue.

“Apple is aware of a report that this issue may have been actively exploited,” the tech giant notes.

Over 70 other vulnerabilities were addressed in macOS Big Sur, more than half of which were also addressed with software updates for macOS Catalina and macOS Mojave.

The patched flaws could lead to arbitrary code execution, memory leaks, denial of service, data exposure, and elevation of privilege, among others.

Apple also addressed more than 40 vulnerabilities with the release of iOS 14.6 and iPadOS 14.6, and also pushed out security updates for tvOS and watchOS, each with patches for more than 20 bugs.

Safari 14.1.1 was released this week with fixes for 10 security holes, all affecting the WebKit component. The bugs could be abused for code execution, cross-site scripting (XSS), access to restricted ports, information leaks, or denial of service.

Details on the newly released software updates and the vulnerabilities they address can be found on Apple’s security updates page.

Written By Ionut Arghire

Ionut Arghire is an international correspondent for SecurityWeek.

Latest News

Click to comment

Webinar: How to Build Resilience Against Emerging Cyber Threats

Thursday, March 16, 2023

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Webinar: Understanding Hidden Third-Party Identity Access Risks

Tuesday, March 28, 2023

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Are Encryption and Zero Trust Breaking Key Protections?

Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. (Matt Wilson)

How the Best CISOs Drive Operational Resilience

Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. (Galina Antova)

Defeating the Deepfake Danger

Deepfakes are becoming increasingly popular with cybercriminals, and as these technologies become even easier to use, organizations must become even more vigilant. (Derek Manky)