Google helps Apple patch critical bug in macOS


New Delhi, Nov 12 (IANS): Google security researchers have revealed that hackers targeting visitors to websites in Hong Kong were using an undisclosed, zero-day flaw in Apple MacOS software to snoop on people.

Google's Threat Analysis Group (TAG) discovered watering hole attacks in August, targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.

"Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," the TAG team said in a blog post on Thursday.

Apple patched the bug in a macOS Catalina update in September.

"A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild," said Apple, giving Google researchers credit for discovering the flaw.

The websites leveraged for the attacks contained two iframes which served exploits from an attacker-controlled server - one for iOS and the other for macOS.

"We continue to collaborate with internal teams like Google Safe Browsing to block domains and IPs used for exploit delivery and industry partners like Apple to mitigate vulnerabilities. We are appreciative of Apple's quick response and patching of this critical vulnerability," Google said.

 

  

Top Stories


Leave a Comment

Title: Google helps Apple patch critical bug in macOS



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.