Apple Resolves Three Zero-Day Vulnerabilities Mainly From XCSSET Malware --Two of Them Are From Apple TV 4K, HD Devices

Apple has recently applied zero-day vulnerabilities.The Cupertino giant immediately addressed the exploitations by patching the macOS and tvOS with a security update.

The company learned that the XCCSET malware was able to access the privacy protection of the macOS, confirming the attacks from the latest system intruders.

Apple Patches macOS, Apple TV 4K, and TV HD Due to Zero-Day Exploits

Apple Resolves Three Zero-Day Vulnerabilities Mainly From XCSSET Malware --Two of Them Are From Apple TV 4K, HD Devices
Earlier this week, Apple has applied security patches on three-zero day vulnerabilities that affect some of its devices including macOS and Apple TV. Sora Shimazaki from Pexels

According to Bleeping Computer, Apple has been informed of the several attacks spearheaded by zero-day exploits. There are three instances that the tech giant experienced the vulnerability issues that happened.

The first two zero-day attacks affected the Webkit of the Apple TV HD and TV 4K smart home products. Primarily, what Apple discovered were the CVE-2021-30663 and CVE-2021-30665 which bypassed the system and launched a command through an executable code.

For HTML-related components, the Webkit is basically the rendering engine of the tech titan's browser seen on the applications in both mobile and desktop. In particular, it is also contained in the tvOS, iOS, macOS, and iPadOS.

Upon the launch of the malicious software, there would be an arbitrary code that would be launched in the unpatched devices. The results will yield a corrupt memory of the said items.

Meanwhile, the macOS Big Sur devices became the victims of the third and last zero-day attack (CVE-2021-30713). Apple spotted the vulnerability in the Transparency, Consent, and Control framework.

The mentioned framework keeps the safety of sensitive information by preventing the user from installing the applications without permission through a message that will appear on the screen.

XCCSET macOS Malware is the Key Component of the Zero-Day

The Jamf blog wrote that Apple has not disclosed further details about the extent of the zero-day attacks. According to the Jamf researchers, the TCC protections of Apple have created a patch for the XCCSEt malware for user data protection.

Moreover, the zero-day could go deeper in its access through entering the Full Disk while letting the desktop take a screenshot without any consent from the user.

"The detection team noted that once installed on the victim's system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user's desktop without requiring additional permissions," the researchers said.

Last year, the XCSSET malware first invaded the macOS devices. Trend Micro discovered the infection that took place in the Xcode projects together with the zero-day attacks in the Safari browser and Javascript.

Earlier this May, the arbitrary remote code execution penetrated the vulnerable Apple devices through accessing the malicious channels. The zero-day vulnerabilities have been widespread over the past months, as the growing issues in macOS continue to escalate in April.

Besides the three zero-days, Apple has also dealt with the execution bug, and a handful of kernel memory problems in November--all had injected malware in the iPad, iPhone, and iPod.

Related Article: Apple Zero Day: iOS 14.5 Patch Lets Hackers Access User Information to Steal Data, and MORE

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics