Perception Point, an email and cloud collaboration channel security company that offers “fast interception of content-borne attacks as a service,” says its researchers uncovered two zero-day flaws in macOS.
CVE-2021-30783, fixed in the Security Update 2021-005 Catalina, and CVE-2021-30864, now fixed in the latest macOS version 12.0.1. According to the folks at Perception Point, the vulnerabilities introduce a novel method to escape the macOS process sandbox. This method has been confirmed, addressed and fixed by Apple.
From Perception Point’s report: The zero-day attacks abuse environment variables and custom-made mach-O messages to craft a forged request to authorize access beyond the security boundaries of the sandboxes process. Using these methods, an attacker can slip outside the gates and perform malicious activity in the name of the logged-in user. Such vulnerabilities can be used in an exploit chain to fully compromise a victim’s Apple computer with various techniques, including installing malware, ransomware or basically performing any action that the attacker can think of.
“In the past it was enough to exploit just one vulnerability to compromise a victim, but as security defenses evolve attackers are required to overcome numerous hurdles,” says Shlomi Levin, chief technical officer at Perception Point. “These days, a chain of vulnerabilities is required to successfully compromise a victim. A sandbox escape vulnerability is crucial for executing a successful, complete exploit chain. Finding such vulnerabilities in MacOS indicates that no OS is fully secured or immune to attacks.”
macOS Monterey version 12.0.1, released October 25, 2021, resolves different security exploits, including the aforementioned CVE-2021-30864. A fix for this CVE is available for Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later). More details can be found in the macOS Monterey 12.0.1 security content release notes.
Read the Perception Point blog for more information about the newly discovered zero-days exploits.