Home / About / Threat Intelligence / More iOS/macOS Exploits

Overview

Details have been released on an exploit in Mac OS Finder which can be abused to run malicious code on a device through phishing. Apple have released a patch to address the issue (without assigning a CVE) but it relies on case sensitive pattern matching and researchers have been able to bypass the fix.

A separate kernel vulnerability which affects iOS 12.5.5 and macOS Catalina (CVE-2021-30869) has just been patched after Google’s Threat Analyst Group found it being exploited in the wild. The patches also included backports for the CVEs fixed in 14.8.

Meanwhile, Proof of Concept (PoC) code for 4 different iOS information disclosure vulnerabilities have been released on GitHub. 3 of these are unpatched “0-days”.

Impact

A remote attacker can trick a macOS user into running malicious code, bypassing the normal quarantine restrictions. The researcher plans to release a PoC that can chain techniques to gain “arbitrary code execution with two clicks.”

A malicious iOS app on a fully patched iPhone could access private data such as the contacts list and details about conversations without asking for permissions.

A malicious app on iOS 12.5.5 and macOS Catalina would be able to execute code with kernel-level privileges.

Affected Products

macOS/iOS

Containment, Mitigations & Remediations

The phishing exploit can be triggered by a number of file types.
Admins may want to block emails containing the following filetypes which can be used to point to a URI

.webloc, .url, .inetloc, and .fileloc.

The App exploits require local code execution so mitigation is to avoid downloading untrustworthy Apps.

Indicators of Compromise

None at this time.

Mitre Methodologies

T1068 – Exploitation for Privilege Escalation
T1404 – Exploit OS Vulnerability
T1566.001 – Spearphishing Attachment

Further Information

Remotely exploitable “inetloc” zero-day vulnerability hits the Mac

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

About the security content of iOS 12.5.5

About the security content of Security Update 2021-006 Catalina