Apple Inc. has rolled out updates to address three zero-day vulnerabilities, apart from other security flaws, which were being exploited in the wild quite actively by threat actors. Two of these flaws affected tvOS for the Apple TV 4k and Apple TV HD, while the third one was identified in the macOS Big Sur OS that powers its laptops and desktop devices.
The decision comes after Apple acknowledged that these flaws are being “actively exploited,” Apple noted in its security bulletin. The flaw was discovered by the Jamf detection team while exploring XCSSET malware.
Apple has also issued patches for macOS Catalina, iOS, Mojave, watchOS, iPad, and the Safari browser security loopholes.
0-Day flaws allowed attackers to bypass Apple’s privacy features
The macOS Big Sur zero-day was tracked as CVE-2021-30713, and it could let an attacker bypass Apple’s critical security features, including Transparency Consent and Control Framework. These features prompt the user for permission whenever an app’s actions impact their privacy directly, such as granting a “video collaboration software access to webcam and microphone,” noted the Jamf detection team.
“In order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is t ..
Support the originator by clicking the read the rest link below.
