Anonymous Researcher Warns About macOS Vulnerability


In the world of technology and IT, Apple is a global brand with a no-nonsense reputation when it comes to two vital paradigms: security and privacy. Apple’s approach to security and privacy has always been different from that of its competition (albeit at an elevated price). That approach means users work exclusively with Apple’s proprietary hardware and software. A notoriously secure and minimalist ecosystem that is strict on third-party software, solid and stable hardware, and an extremely smooth macOS user experience have always been Apple’s distinguishing characteristics as a brand.

However, researchers and security experts in the cybersecurity industry know that no system, however impervious or impenetrable it may seem, is completely immune to vulnerabilities and cybercrime. Apple has had a few issues in the past, although overall far fewer than the competition. Specifically, not too long ago Apple had some issues with malware infections affecting its new and highly anticipated M1 chip.

This time, on July 22nd, 2021, a serious high-risk vulnerability was reported by an anonymous researcher. Release information is not yet available on the issue. Furthermore, a patch from Apple that resolves the issue is not yet available.

The macOS Vulnerability at a Glance

According to information from the anonymous researcher, this is a remote code execution vulnerability. Recently, there seems to be a pattern of remote code execution flaws and arbitrary code execution vulnerabilities affecting the software products of many high-tier organizations.

The vulnerability type is an out-of-bounds write (Apple macOS ImageIO Remote Code Execution). This vulnerability allows a remote attacker (hacker) to compromise (take control of and disrupt) a targeted vulnerable system.

The risk level of this vulnerability has been reported as high.

Technical Details Surrounding The Vulnerability

The vulnerability has been assigned the CVE ID CVE-2021-30662. The CWE ID is CWE-787. The vulnerability exists due to a boundary error within the ImageIO framework. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the ImageIO framework. Crafted data in a TIFF image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
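The page gives no further detail on the ImageIO flaw itself, so the following is an added illustration of the general CWE-787 pattern in a TIFF strip copy and the checks that prevent it, not Apple's code or the actual bug. The `strip_info` struct, the function names, the 8-bit grayscale assumption and the size cap are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified set of fields a decoder reads from a TIFF file.
 * Every value is taken from the file and is therefore attacker-controlled. */
struct strip_info {
    uint32_t width, height;     /* ImageWidth, ImageLength (8-bit grayscale) */
    uint32_t strip_offset;      /* StripOffsets[0] */
    uint32_t strip_byte_count;  /* StripByteCounts[0] */
};
#define MAX_PIXELS (1u << 28)   /* constructed sanity cap for this example */
/* Copy one uncompressed strip into a freshly allocated pixel buffer.
 * Returns NULL when the file's fields are inconsistent with each other. */
uint8_t *copy_strip_checked(const uint8_t *file, size_t file_len,
                            const struct strip_info *s, size_t *out_len)
{
    /* 1. Size the destination in 64 bits so width * height cannot wrap. */
    uint64_t need = (uint64_t)s->width * s->height;
    if (need == 0 || need > MAX_PIXELS)
        return NULL;
    /* 2. The source range must lie inside the file (guards the read side). */
    if (s->strip_offset > file_len ||
        s->strip_byte_count > file_len - s->strip_offset)
        return NULL;
    /* 3. The copy length must fit the destination. Omitting this check is
     *    the CWE-787 pattern: memcpy would write past the end of px. */
    if (s->strip_byte_count > need)
        return NULL;
    uint8_t *px = calloc(1, (size_t)need);
    if (px == NULL)
        return NULL;
    memcpy(px, file + s->strip_offset, s->strip_byte_count);
    *out_len = (size_t)need;
    return px;
}

/* Run the checks against a constructed 64-byte "file"; returns 1 if accepted. */
int accepts(uint32_t w, uint32_t h, uint32_t off, uint32_t count)
{
    static const uint8_t file[64] = {0};
    struct strip_info s = { w, h, off, count };
    size_t n = 0;
    uint8_t *px = copy_strip_checked(file, sizeof file, &s, &n);
    int ok = (px != NULL);
    free(px);
    return ok;
}
```

The point of the three checks is that the declared image dimensions and the declared strip length are independent fields, so a decoder has to reconcile them before copying.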

Vulnerable Software Versions of macOS

It is recommended that users check the ‘Software Update’ section on their Apple products for any patches. The following versions of macOS remain vulnerable until a patch is released to mitigate the issue:

macOS: 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.14.6 18G6020, 10.14.6 18G6032, 10.14.6 18G6042, 10.14.6 18G7016, 10.14.6 18G8012, 10.14.6 18G8022, 10.14.6 18G9028, 10.14.6 18G9216, 10.14.6 18G9323, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7 19H114, 10.15.7 19H512, 10.15.7 19H524, 10.15.7 19H1030, 10.15.7 19H1217, 10.15.7 19H1323, 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 11.3 20E232, 11.3.1 20E241, 11.4 20F71, 11.5 20G71

Tech researcher & communications specialist
Mirza has an educational background in Global Communications and has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.