Apple has patched critical zero-day vulnerabilities across several of its products in its latest May update. The release addresses three critical zero-day security bugs that are being exploited in the wild, tracked as CVE-2021-30663, CVE-2021-30665, and CVE-2021-30713. Organizations with unpatched endpoints are advised to deploy the patches as soon as possible.
At the time of writing, details of a proof of concept (PoC) have not been made public.
Zero-Day (CVE-2021-30663)
A critical zero-day vulnerability exploited in the wild and affecting Apple TV 4K and Apple TV HD devices is fixed in this May update. It was reported by an anonymous researcher. It is an integer overflow caused by improper validation of input in WebKit Storage. The vulnerability allows an attacker to achieve arbitrary code execution.
Affected Products: Apple tvOS 14.5 on Apple TV 4K and Apple TV HD; macOS Big Sur before 11.3.1.
Solution: Apple tvOS 14.6
Zero-Day (CVE-2021-30665)
Another critical zero-day vulnerability in WebKit Storage affecting Apple TV 4K and Apple TV HD devices is also fixed in this May update. It was reported by yangkang, zerokeeper, and bianliang of 360 ATA. It is a memory corruption vulnerability caused by improper state management. The vulnerability allows an attacker to achieve arbitrary code execution and is being exploited in the wild.
Affected Products: Apple tvOS 14.5 on Apple TV 4K and Apple TV HD; macOS Big Sur before 11.3.1.
Solution: Apple tvOS 14.6
Zero-Day (CVE-2021-30713)
Finally, one more critical zero-day vulnerability exploited in the wild, affecting macOS Big Sur devices, is also fixed in this May update. It was reported by researchers from the security firm Jamf. The privilege escalation vulnerability is due to a validation error in Transparency, Consent, and Control (TCC) protection. It allows an attacker to bypass Privacy preferences and gain additional permissions.
It is also actively exploited by XCSSET, a Mac malware family discovered by Trend Micro. On installation, XCSSET uses this bypass to take screenshots of the user’s desktop without requiring additional permissions. The malware exfiltrates sensitive data such as cryptocurrency addresses, credentials for online services, and payment card information from the Apple Store to the attackers’ server. It shows ransomware behavior by encrypting files and displaying a ransom note, and it can also launch universal cross-site scripting (UXSS) attacks against the victim’s system.
Affected Products: macOS Big Sur before 11.4.
Solution: macOS Big Sur 11.4
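A patch-compliance check built from the macOS version thresholds given above (an added example, not SanerNow's or Apple's code): it reports which of the three CVEs a Big Sur host at a given version still lacks fixes for. The sample version used on a non-macOS host is a constructed value; `sw_vers -productVersion` is only consulted when it is available.

```shell
#!/bin/sh
# Added example: map a macOS Big Sur version to the CVEs from this advisory
# that remain unpatched at that version.
#   11.3.1 fixes CVE-2021-30663 and CVE-2021-30665 (WebKit Storage)
#   11.4   fixes CVE-2021-30713 (TCC bypass)

# version_lt A B -> success if dotted numeric version A is lower than B.
# Missing trailing components count as 0, so 11.3 < 11.3.1 and 11.4 == 11.4.0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"                 # leading component
        [ "$a" = "$ai" ] && a="" || a="${a#*.}"     # drop it from the rest
        [ "$b" = "$bi" ] && b="" || b="${b#*.}"
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1                                        # versions are equal
}

# missing_cves VERSION -> print the advisory's CVEs still unpatched at a
# macOS Big Sur VERSION (empty line when fully patched). Other major
# versions are outside this advisory's scope and are reported as such.
missing_cves() {
    v="$1"; out=""
    case "$v" in
        11|11.*) ;;
        *) printf 'out-of-scope (not macOS Big Sur)\n'; return 0 ;;
    esac
    if version_lt "$v" 11.3.1; then out="CVE-2021-30663 CVE-2021-30665"; fi
    if version_lt "$v" 11.4;   then out="${out:+$out }CVE-2021-30713"; fi
    printf '%s\n' "$out"
}

# Use the live version on macOS; elsewhere fall back to a constructed sample.
if command -v sw_vers >/dev/null 2>&1; then
    host_version="$(sw_vers -productVersion)"
else
    host_version="11.3.1"   # constructed sample value for a non-macOS host
fi
echo "macOS $host_version: unpatched -> $(missing_cves "$host_version")"
```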
SanerNow detects these vulnerabilities and automatically remediates them through patch management by applying the security updates. We strongly recommend applying the security updates as soon as possible, following the instructions published in our support article.