Apple fixes three macOS, tvOS zero-day bugs exploited in the wild


Level 37
Thread author
Top poster
Feb 4, 2016
Apple has released security updates to patch three zero-day vulnerabilities that attackers might have exploited in the wild.
In all three cases, Apple said that it is aware of reports that the security issues "may have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.

Exploitable for privacy bypass and code execution​

Two of the three zero-days (tracked as CVE-2021-30663 and CVE-2021-30665) impact WebKit on Apple TV 4K and Apple TV HD devices.
Webkit is Apple's browser rendering engine used by its web browsers and applications to render HTML content on its desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS.


Level 37
Top poster
Nov 10, 2017
macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.

Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access, Screen Recording, and other permissions without a user's consent.

The bypass was actively exploited in the wild, and was discovered by Jamf when analyzing XCSSET malware. The XCSSET malware has been out in the wild since 2020, but Jamf noticed an uptick in recent activity and discovered a new variant.

The rest


Level 14
Top poster
Jan 21, 2018
Another article on this news -

Apple patches dangerous security holes, one in active use – update now!

"...Perhaps even more importantly, one of the Big Sur bugs that was patched, now dubbed CVE-2021-30713, is a security flaw that is already known to criminals and has already and quietly been exploited in the wild.

In fact, this exploit was only recently reported to Apple after lurking unnoticed in Mac malware known as XCCSET that dates back to last year.

Ironically, this bug exists in a system component called TCC, short for Transparency Consent and Control, a part of macOS that is supposed to make sure that apps don’t do things they aren’t supposed to.

According to security researchers at Mac management software company Jamf, this bug provides a sneaky way for a simple AppleScript utility with no special permissions at all to “leech off” the permissions of an an already-installed app..."