Rewterz Threat Alert
May 25, 2021
Severity
High
Analysis Summary
Three macOS and tvOS zero-days were being exploited in the wild. One of them was used by the XCSSET malware to bypass the macOS privacy protections (Transparency, Consent, and Control, TCC). Apple acknowledged that it was aware of reports that the vulnerabilities were being actively exploited, but gave no information about the victims or the threat actors.
The other two vulnerabilities are memory corruption bugs that can be triggered by maliciously crafted web content and lead to arbitrary code execution on unpatched devices.
CVE-2021-30713
This macOS Big Sur vulnerability allows a malicious application to bypass Privacy preferences. It was also actively exploited, and Apple addressed it with improved validation.
“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” said researchers at Jamf.
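Two checks a responder would want after reading the above, as an added example that is not code from the Rewterz alert or from Jamf: a version test for whether a Big Sur host is still below 11.4 (the release in which Apple fixed CVE-2021-30713), and an audit of a TCC database for clients that hold Full Disk Access or Screen Recording without being on an allowlist. The TCC schema used here (an `access` table with columns `service`, `client`, `client_type`, `auth_value`, with `auth_value == 2` meaning allowed) and the bundle identifiers in the sample are assumptions; the sample database is constructed in memory so the script runs offline.

```python
"""Added example (not part of the Rewterz alert or Jamf's write-up).

Two checks a responder would run after this alert:
  1. is_vulnerable_big_sur(): is a Big Sur host below 11.4, where Apple
     shipped the fix for CVE-2021-30713?
  2. unexpected_grants(): which clients hold Full Disk Access or Screen
     Recording in a TCC database without being on the organisation's allowlist?

Assumptions (not stated on the page): the TCC `access` table has columns
service, client, client_type, auth_value, and auth_value == 2 means allowed.
Reading the real system database needs Full Disk Access for the process
doing the reading, which is itself a TCC grant.
"""
import platform
import sqlite3
from typing import Dict, Iterable, List, Optional, Tuple

SYSTEM_TCC_DB = "/Library/Application Support/com.apple.TCC/TCC.db"
FIXED_VERSION = (11, 4)          # macOS Big Sur 11.4 fixed CVE-2021-30713
AUTH_ALLOWED = 2                 # assumed auth_value meaning "allowed"

# Services the Jamf quote names as obtainable without user consent.
SENSITIVE_SERVICES = {
    "kTCCServiceSystemPolicyAllFiles": "Full Disk Access",
    "kTCCServiceScreenCapture": "Screen Recording",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'11.3.1' -> (11, 3, 1); non-numeric parts are dropped."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())


def is_vulnerable_big_sur(version: Optional[str] = None) -> bool:
    """True when the version is a Big Sur (11.x) build below 11.4."""
    if version is None:
        version = platform.mac_ver()[0]        # empty string off macOS
    v = parse_version(version)
    return len(v) >= 1 and v[0] == 11 and v < FIXED_VERSION


def granted_clients(conn: sqlite3.Connection) -> Dict[str, List[str]]:
    """Map each sensitive service (human name) to the clients allowed to use it."""
    placeholders = ",".join("?" for _ in SENSITIVE_SERVICES)
    rows = conn.execute(
        f"SELECT service, client FROM access "
        f"WHERE auth_value = ? AND service IN ({placeholders}) "
        f"ORDER BY service, client",
        (AUTH_ALLOWED, *SENSITIVE_SERVICES),
    )
    grants: Dict[str, List[str]] = {name: [] for name in SENSITIVE_SERVICES.values()}
    for service, client in rows:
        grants[SENSITIVE_SERVICES[service]].append(client)
    return grants


def unexpected_grants(conn: sqlite3.Connection, allowlist: Iterable[str]) -> Dict[str, List[str]]:
    """Clients holding a sensitive grant that the organisation did not approve."""
    allowed = set(allowlist)
    return {
        service: [c for c in clients if c not in allowed]
        for service, clients in granted_clients(conn).items()
    }


def audit_tcc_db(path: str = SYSTEM_TCC_DB, allowlist: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Open a TCC.db read-only and report unexpected grants."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return unexpected_grants(conn, allowlist)
    finally:
        conn.close()


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for TCC.db so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access (service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER)"
    )
    conn.executemany(
        "INSERT INTO access VALUES (?, ?, ?, ?)",
        [
            ("kTCCServiceSystemPolicyAllFiles", "com.apple.Terminal", 0, AUTH_ALLOWED),
            ("kTCCServiceScreenCapture", "com.example.meetingapp", 0, AUTH_ALLOWED),
            # constructed entry standing in for an applet nobody consented to
            ("kTCCServiceScreenCapture", "com.example.unknown-applet", 0, AUTH_ALLOWED),
            ("kTCCServiceSystemPolicyAllFiles", "com.example.denied", 0, 0),
            ("kTCCServiceMicrophone", "com.example.chat", 0, AUTH_ALLOWED),
        ],
    )
    return conn


if __name__ == "__main__":
    print("Big Sur host still vulnerable:", is_vulnerable_big_sur())
    suspicious = unexpected_grants(build_sample_db(), ["com.apple.Terminal", "com.example.meetingapp"])
    for service, clients in suspicious.items():
        for client in clients:
            print(f"unexpected {service} grant: {client}")
```

On a real host, `audit_tcc_db()` against the system database only works from a process that already has Full Disk Access (for example a terminal the user granted it to, or an MDM agent); without it the open fails, which is the expected TCC behaviour rather than a bug in the script. A grant that appears in the database but that no user remembers approving is exactly the artifact the Jamf quote describes.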
Impact
- Bypass Privacy Preferences
- Arbitrary Code Execution
Affected Vendor
Apple
Affected Product
macOS Big Sur prior to 11.4
Remediation
Update to macOS Big Sur 11.4 and the corresponding tvOS release. For the latest security patches and updates visit https://support.apple.com/en-us/HT201222