Patched macOS Catalina vulnerability targeted Hong Kong users

Google on Thursday shared details of a recently patched macOS Catalina zero-day vulnerability that targeted users visiting the websites of a Hong Kong media outlet and a pro-democracy group.In late August, Google’s Threat Advisory Group (TAG) discovered a watering hole attack that appeared to target people interested in Hong Kong politics, particularly pro-democracy issues. This particular attack vector does not seek to pinpoint users, but instead relies on techniques to push vulnerabilities to a wider audience.Impacted sites served an XNU privilege escalation vulnerability, identified as CVE-2021-30869, that was unpatched in macOS Catalina, allowing installation of a previously unreported backdoor on affected machines. Read more…
Go to Source