DazzleSpy, a piece of malware that attacks macOS, was discovered last fall by researchers at ESET, and now those researchers have released more detailed findings.

DazzleSpy, according to the researchers at ESET, was being spread through watering hole attacks via pro-democracy websites in China. It infected machines using a combination of two vulnerabilities, one in WebKit (the framework that powers Safari) and one in macOS (a privilege escalation vulnerability). Now, if this sounds familiar, it's because you've been paying attention: this is exactly the same technique as that used by the CDDS (aka Macma) malware that was described by Google in November, even down to spreading through Chinese pro-democracy sites.

The new malware got a foothold via CVE-2021-1789, exploited via a JavaScript file named mac.js loaded by the malicious site. This led to the in-memory execution of native Mac code, which exploits CVE-2021-30869 to gain root privileges. With this high level of privileges, the malware drops its payload onto the machine.