Mac Zero Day Targets Apple Devices in Hong Kong

Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.

Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites.

This isn’t a finely targeted campaign, but it’s a sophisticated one. The watering-hole attack indiscriminately slipped malware onto any iOS or macOS device unfortunate enough to have stumbled across the infected sites, according to a report published on Thursday by Google’s Threat Analysis Group (TAG).

In other words, the threat actors threaded malware into the legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong, according to TAG.

The victims’ devices were hit with what was then a zero day, plus another exploit, which relied on a previously patched macOS vulnerability and was used to install a backdoor on their computers, according to TAG’s report.

Likely

Read More: https://threatpost.com/mac-zero-day-apple-hong-kong/176300/