Pangu

Spyware exploited unpatched Apple vulnerability via activist websites in Hong Kong

Kelly Choos November 12, 2021 2 min read

Visitors to well-known Hong Kong democracy and labor rights movement websites were reportedly infected with malware on their Macs and iPhones for several weeks. The attack used a zero-day exploit in the XNU kernel, according to Google’s Threat Analysis Group (TAG).

Apple has been slow to respond

The hole is now closed: on September 23, Apple released a special update for macOS Catalina and older versions of iOS that fixes the XNU bug. However, according to Google’s write-up on the TAG blog, the bugs had been exploited since at least August 2021, if not longer.

According to Google, only partial details of the iOS malware are available so far, and it has not been possible to identify the complete infection chain. Apparently, an older and already fixed Safari bug (CVE-2019-8506) was used to achieve code execution. On macOS, however, TAG was able to work out how the attack functioned. It is not known who is behind it; a state actor is suspected.

Full system access

The macOS malware strain is referred to as “MACMA” or “OSX.CDDS”. It obtains full root access on affected systems by combining a WebKit bug, which had already been fixed in January 2021 (CVE-2021-1789), with the XNU vulnerability described above. The spyware found on the devices comes with a backdoor that gives the attacker a wide range of capabilities. According to Google, these include device fingerprinting, taking screenshots, uploading (and downloading) files, running terminal commands, activating an audio bug (microphone on) and keystroke recording.

According to Google, the malware was distributed through “news media websites” in Hong Kong and the site of a “prominent pro-democracy political group” that also advocates for workers’ rights. TAG did not reveal exactly which sites these were. Interestingly, the XNU vulnerability and an exploit for it were reportedly presented at two security conferences in April and July 2021 by the Chinese jailbreak team Pangu Lab. The bug also appears to be similar to an earlier XNU issue that was discovered by Google Project Zero (CVE-2020-27932) and for which an iOS exploit existed. It is unclear why Apple did not respond to the April and July presentations.


Disclaimer: This article is generated from the feed and is not edited by our team.
