macOS malware and bugs: XCSSET warnings and zero-day patches
Posted by: GuidePoint Security
Published 08/04/2021, 9am
Malware and zero-days affecting macOS products, including iPhones, iPads, and Mac computers, had security researchers issuing multiple warnings last week.
XCSSET malware evolving
The malware known as XCSSET continues to evolve, according to security researchers, and now includes the ability to steal login information from multiple apps, including the Telegram messaging app and the Chrome browser.
In targeting the Telegram app, researchers found the malware can access the application’s sandbox directory with read/write permissions. When stealing passwords from Google Chrome, the malware uses the Safe Storage Key found in ‘Chrome Safe Storage.’ The malware also consolidates every operation that requires root privilege into a single function, prompting the user to grant those privileges through a fake dialog box. Stolen login data is sent to the attacker’s command and control (C2) servers.
According to researchers, this updated version of XCSSET is targeting the latest macOS version known as Big Sur.
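The two behaviours described above (a process other than Chrome reading the ‘Chrome Safe Storage’ item, and a process other than Telegram touching Telegram’s sandbox container) are both observable from an endpoint agent’s event stream. The following is an added detection example, not code from the original post or from the researchers it cites. It assumes a simple line-oriented record format of the form `<ts> proc="<name>" action=<verb> target="<item-or-path>"`, that the expected owner processes are named "Google Chrome" and "Telegram", and it uses a placeholder container path (`EXAMPLE.Telegram`) rather than any real bundle identifier. The sample events are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Event:
    ts: str
    process: str
    action: str
    target: str


# Assumed record shape (not a real agent format):
#   <ts> proc="<name>" action=<verb> target="<keychain item or file path>"
LINE_RE = re.compile(
    r'^(\S+)\s+proc="([^"]*)"\s+action=(\w+)\s+target="([^"]*)"\s*$'
)


def parse_event(line: str) -> Optional[Event]:
    """Parse one record; return None for malformed lines so they can be skipped."""
    m = LINE_RE.match(line.strip())
    return Event(*m.groups()) if m else None


# Resources named in the post and their expected owner processes (assumptions).
CHROME_SAFE_STORAGE = "Chrome Safe Storage"
CHROME_PROCESSES = {"Google Chrome"}
TELEGRAM_PROCESSES = {"Telegram"}
# Placeholder for Telegram's sandbox container path; a real deployment would
# substitute the actual container location for the Telegram build in use.
TELEGRAM_CONTAINER_MARK = "/Library/Group Containers/EXAMPLE.Telegram/"


def evaluate(ev: Event) -> Optional[str]:
    """Return a rule name if the event matches a suspicious pattern, else None."""
    # Rule 1: the Chrome Safe Storage key read by something that is not Chrome.
    if (ev.action == "keychain_read"
            and ev.target == CHROME_SAFE_STORAGE
            and ev.process not in CHROME_PROCESSES):
        return "chrome_safe_storage_read_by_foreign_process"
    # Rule 2: Telegram's sandbox directory read or written by a foreign process.
    if (ev.action in {"file_read", "file_write"}
            and TELEGRAM_CONTAINER_MARK in ev.target
            and ev.process not in TELEGRAM_PROCESSES):
        return "telegram_sandbox_access_by_foreign_process"
    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Run both rules over a stream of records and collect alerts in order."""
    alerts: List[dict] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # malformed record; a production agent would count these
        rule = evaluate(ev)
        if rule:
            alerts.append({"ts": ev.ts, "rule": rule,
                           "process": ev.process, "target": ev.target})
    return alerts


# Constructed sample events: two benign owner accesses, two foreign accesses
# by a hypothetical process "untrusted_helper", one unrelated keychain read,
# and one malformed line.
SAMPLE_EVENTS = [
    '2021-08-02T10:01:02Z proc="Google Chrome" action=keychain_read target="Chrome Safe Storage"',
    '2021-08-02T10:01:05Z proc="Telegram" action=file_write target="/Users/alice/Library/Group Containers/EXAMPLE.Telegram/account"',
    '2021-08-02T10:02:10Z proc="untrusted_helper" action=keychain_read target="Chrome Safe Storage"',
    '2021-08-02T10:02:11Z proc="untrusted_helper" action=file_read target="/Users/alice/Library/Group Containers/EXAMPLE.Telegram/account"',
    '2021-08-02T10:02:12Z proc="Safari" action=keychain_read target="Safari Forms AutoFill"',
    'this line is not a valid record',
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The owner allow-lists are the weak point of any rule like this: a malicious process can adopt a legitimate name, so a real deployment should key on code-signing identity or executable path rather than the bare process name, and should treat the sudden appearance of a privilege prompt from an unexpected parent process as a further signal.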
Apple issues patches for iPhone/Mac zero-days
Last week, Apple released security patches for a zero-day discovered being exploited in the wild. The bug (tracked as CVE-2021-30807) affects iPhones, iPads, and Macs and stems from a memory corruption problem in the IOMobileFramebuffer kernel extension. If exploited, the vulnerability enables an application to execute arbitrary code with kernel privileges.
Next Steps
XCSSET Malware—Researchers point out that while the deviations they discovered in the XCSSET malware do not reflect any “fundamental change” in XCSSET’s behavior, it does suggest ongoing tactics refinement. Users are encouraged to only download apps from official and legitimate sources. They also suggest that application developers refrain from storing sensitive data, like login information, in the sandbox directory.
macOS Vulnerabilities—Apple has issued a security update for macOS Big Sur. Users of Apple products are urged to install any new updates immediately.