Google’s Threat Analysis Group (TAG) has discovered that attackers targeting visitors to websites in Hong Kong were using a previously unknown zero-day flaw in macOS to capture keystrokes and take screengrabs. Apple patched the bug, tracked as CVE-2021-30869, in September, roughly a month after it was discovered by Google researchers. Apple stated that it had been made aware of reports that an exploit for the bug existed in the wild, adding that a malicious application may be able to use it to execute arbitrary code with kernel privileges.
Since Apple’s statement, Google has supplied additional information about the bug, reporting that the attacks targeted both Mac and iPhone users. TAG also confirmed that its researchers believe the threat actor exploiting the bug is likely state-backed, with its own software engineering team. The attack, which Google researchers described as a ‘watering hole’, used an XNU privilege escalation vulnerability that was unpatched in macOS Catalina, allowing the attackers to install backdoors. The backdoor had typical spyware traits, including device fingerprinting, screen capture, the ability to upload and download files, keystroke logging, and audio recording.
Read More: Google warns of hackers using macOS zero-day flaw to capture keystrokes, screengrabs