News

Security company slams Apple for inconsistent patching

By Abhay Ram
Apple

The anti-malware software maker Malwarebytes has criticized Apple for using an “inconsistent” patching process. The security company wrote in a blog post that the iPhone maker’s “behaviour” is leading to bad security consequences. 


The blog post written by the director of Mac and mobile at Malwarebytes, Thomas Reed, details Hong Kong’s watering hole campaign. Several people in Hong Kong were affected by macOS exploits that specifically targeted the visitors of media outlets and pro-democracy political organizations.

Apple

A single exploit chain found by Google’s TAG

It was Google’s Threat Analysis Group (TAG) that first reported the watering hole attacks that targeted Hong Kong residents. The vulnerabilities in macOS are reportedly found to be a single exploit chain. One of the attacks was based on the flaw in Webkit – remote code execution (CVE-2021-1789) – and the other – an XNU privilege escalation vulnerability. 


According to Reed, Trojan was used to attack the specific set of people of Hong Kong. He also added that both attacks have been around since 2019 without having been detected. 

Security company slams Apple for inconsistent patching
Security company slams Apple for inconsistent patching

“The same bug apparently existed in Catalina, which remained unpatched seven months after Apple released the patch for Big Sur, and more than five months after the details had been released at Zer0con,” Reed wrote in the blog post published by Malwarebytes. “This allowed attackers to target individuals running Catalina and Safari 13 without detection.”


While Aple has been releasing patches for its macOS versions. The company has not been doing so in an inconsistent manner – taking months to release the patch for the older versions of desktop operating system.

“To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group,” reads the blog post published by Google’s TAG. “The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.”


Latest News
The 14-inch MacBook Pro with M5 Chip 16GB RAM/512GB is $250 Off
The 14-inch MacBook Pro with M5 Chip 16GB RAM/512GB is $250 Off
1 Min Read
Noise and Static on AirPods Pro 3 Still Unfixed
Noise and Static on AirPods Pro 3 Still Unfixed
1 Min Read
New iMac with 24-inch OLED Display May be Brighter With 600 Nits
New iMac with 24-inch OLED Display May be Brighter With 600 Nits
1 Min Read
The 15-inch M4 MacBook Air 256GB Is $250 Off
The 15-inch M4 MacBook Air 256GB Is $250 Off
1 Min Read
Internal Kernel Debug Kit from Apple Reveals Tests for a MacBook with A15 Chip
Internal Kernel Debug Kit from Apple Reveals Tests for a MacBook with A15 Chip
1 Min Read
Apple Currently In Talks With Suppliers for Chip Assembly & Packaging of iPhones in India
Apple Currently In Talks With Suppliers for Chip Assembly & Packaging of iPhones in India
1 Min Read
Apple Allows Easier Battery Replacement For M5 MacBook Pro with 14-inch Display
Apple Allows Easier Battery Replacement For M5 MacBook Pro with 14-inch Display
1 Min Read
The Apple Watch SE 3 44mm GPS is $50 Off
The Apple Watch SE 3 44mm GPS is $50 Off
1 Min Read
20th Anniversary iPhone May Launch in Two Years
20th Anniversary iPhone May Launch in Two Years
1 Min Read
Better Image Generation Capabilities and Apple Music Integration Coming to ChatGPT
Better Image Generation Capabilities and Apple Music Integration Coming to ChatGPT
1 Min Read
A20 Pro Chip Coming to Next Gen iPad Mini OLED
A20 Pro Chip Coming to Next Gen iPad Mini OLED
1 Min Read
Amazon has the AirTag 4 Pack Marked $29 off
Amazon has the AirTag 4 Pack Marked $29 off
1 Min Read
Lost your password?