Malwarebytes free apple3/26/2023 ![]() "The same bug apparently existed in Catalina, which remained unpatched seven months after Apple released the patch for Big Sur, and more than five months after the details had been released at Zer0con," Reed wrote in the Malwarebytes post. ![]() However, CVE-2021-30869 wasn't fixed for Catalina until Sept. For macOS Catalina and Mojave users, however, it was a different story.įor CVE-2021-1789, Catalina 10.15 and Mojave 10.14 would have been addressed if users had upgraded to Safari 14.0.3. 1 Big Sur was the latest major macOS release at the time. Reed said the Trojan used in the attacks has been in the wild since 2019 - largely undetected.īoth vulnerabilities were patched in macOS Big Sur 11.2 on Feb. Two macOS vulnerabilities were used as a single exploit chain in the attacks one was a remote code execution flaw in WebKit (CVE-2021-1789), while the other (CVE-2021-30869) was an XNU privilege escalation vulnerability. The attacks were first reported by Google's Threat Analysis Group (TAG). ![]() ![]() The post, written by Malwarebytes director of Mac and mobile Thomas Reed, centers around a watering hole campaign in Hong Kong against macOS users that targeted the visitors to a pro-democracy political organization and a media outlet. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |