Active Exploitation of Apple Zero-Day Vulnerabilities

Advisory Type Vulnerability Intelligence
CVE ID CVE-2021-30657, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666
Vulnerability Type Remote Code Execution
Vulnerable Application Apple iPhone WebKit Engine
Affected Platform iOS/macOS/watchOS

Executive Summary

Adversaries are actively targeting and exploiting zero-day vulnerabilities in iOS. According to the security advisories Apple has published, critical bugs exist in the WebKit engine, the browser rendering engine used by Safari (iOS) and by other applications that render HTML. The publicly disclosed bugs, when exploited, lead to remote code execution on affected systems. A recent zero-day, tracked as CVE-2021-30657, enables client-side attacks in which malware is executed after bypassing Apple’s File Quarantine, Gatekeeper, and Notarization security checks. This bug is being actively exploited in the wild by the Shlayer malware.

Threat Vector

The bug is triggered when the victim visits a malicious website hosted by the threat actor.


Shlayer Malware

Apple patched the zero-day CVE-2021-30657, which targeted macOS and was exploited in the wild by the Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks in order to download second-stage malicious payloads.
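Because Gatekeeper and Notarization checks are only applied to files that carry the com.apple.quarantine extended attribute, a downloaded executable that lacks the attribute, or carries a malformed one, is a useful triage signal after a suspected Shlayer-style bypass. The script below is an added defender-side example, not code from the advisory or from Apple; it assumes the commonly documented attribute layout (semicolon-separated hex flags, hex Unix timestamp, downloading agent, UUID) and runs over a constructed file inventory rather than reading extended attributes from a live system.

```python
"""Triage helper for macOS File Quarantine metadata (added example, not from the advisory).

The inventory is a list of (path, quarantine_attribute_value_or_None) pairs, as it
might be collected with `xattr -p com.apple.quarantine <file>` on a macOS host.
Assumed attribute layout: "<hex flags>;<hex unix timestamp>;<agent>;<uuid>".
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass
class QuarantineInfo:
    flags: int
    downloaded_at: datetime
    agent: str
    uuid: str


def parse_quarantine(value: str) -> QuarantineInfo:
    """Parse one com.apple.quarantine attribute value; raises ValueError if malformed."""
    parts = value.split(";")
    if len(parts) < 4:
        raise ValueError(f"unexpected quarantine attribute: {value!r}")
    flags = int(parts[0], 16)
    downloaded_at = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return QuarantineInfo(flags, downloaded_at, parts[2], parts[3])


# File types that Gatekeeper would normally assess on first launch (assumed list).
EXECUTABLE_SUFFIXES = (".app", ".pkg", ".dmg", ".command", ".sh")


def triage(inventory: List[Tuple[str, Optional[str]]]) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for executables that Gatekeeper would not assess."""
    findings = []
    for path, value in inventory:
        if not path.lower().endswith(EXECUTABLE_SUFFIXES):
            continue  # non-executable content is not a Gatekeeper concern here
        if value is None:
            findings.append((path, "executable without com.apple.quarantine attribute"))
            continue
        try:
            parse_quarantine(value)
        except ValueError as exc:
            findings.append((path, f"malformed quarantine attribute: {exc}"))
    return findings


# Constructed sample inventory (hypothetical paths and attribute values).
SAMPLE_INVENTORY = [
    ("/Users/alice/Downloads/report.pdf", "0083;609a1f00;Safari;0E3F1A2B-1111-2222-3333-444455556666"),
    ("/Users/alice/Downloads/Installer.dmg", "0083;609a1f00;Safari;7A8B9C0D-1111-2222-3333-444455556666"),
    ("/Users/alice/Downloads/Flash_Player.app", None),
    ("/Users/alice/Downloads/setup.pkg", "not-a-quarantine-value"),
]


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_INVENTORY):
        print(f"{path}: {reason}")
```

On a real host the attribute values would be gathered per file with `xattr`; the parsing and flagging logic stays the same. A missing attribute is only a signal, not proof of compromise, since files created locally or copied by some tools never receive it.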

Impact and Mitigation

