Three macOS and tvOS zero-days were being exploited in the wild. Threat actors were using the XCSSET malware to bypass macOS privacy protections. Although Apple acknowledged that it was aware of the zero-day vulnerabilities being exploited in the wild, it did not provide any information on the victims or the threat actors.
Threat actors could exploit two of the vulnerabilities using maliciously crafted web content that triggers arbitrary code execution on unpatched devices due to a memory corruption issue.
The macOS Big Sur vulnerability allows a malicious user to bypass privacy preferences. This vulnerability was also actively exploited, and Apple subsequently addressed it with improved validation.
“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” said researchers at Jamf.
macOS Big Sur prior to 11.3
For the latest security patches and updates, visit https://support.apple.com/en-us/HT201222