How can we help?
Details have been released on an exploit in Mac OS Finder which can be abused to run malicious code on a device through phishing. Apple have released a patch to address the issue (without assigning a CVE) but it relies on case sensitive pattern matching and researchers have been able to bypass the fix.
A separate kernel vulnerability which affects iOS 12.5.5 and macOS Catalina (CVE-2021-30869) has just been patched after Google’s Threat Analyst Group found it being exploited in the wild. The patches also included backports for the CVEs fixed in 14.8.
Meanwhile, Proof of Concept (PoC) code for 4 different iOS information disclosure vulnerabilities have been released on GitHub. 3 of these are unpatched “0-days”.
A remote attacker can trick a macOS user into running malicious code, bypassing the normal quarantine restrictions. The researcher plans to release a PoC that can chain techniques to gain “arbitrary code execution with two clicks.”
A malicious iOS app on a fully patched iPhone could access private data such as the contacts list and details about conversations without asking for permissions.
A malicious app on iOS 12.5.5 and macOS Catalina would be able to execute code with kernel-level privileges.
Containment, Mitigations & Remediations
The phishing exploit can be triggered by a number of file types.
Admins may want to block emails containing the following filetypes which can be used to point to a URI
.webloc, .url, .inetloc, and .fileloc.
The App exploits require local code execution so mitigation is to avoid downloading untrustworthy Apps.
Indicators of Compromise
None at this time.