iLoungeiLounge
  • News
    • Apple
      • AirPods Pro
      • AirPlay
      • Apps
        • Apple Music
      • iCloud
      • iTunes
      • HealthKit
      • HomeKit
      • HomePod
      • iOS 13
      • Apple Pay
      • Apple TV
      • Siri
    • Rumors
    • Humor
    • Technology
      • CES
    • Daily Deals
    • Articles
    • Web Stories
  • iPhone
    • iPhone Accessories
  • iPad
  • iPod
    • iPod Accessories
  • Apple Watch
    • Apple Watch Accessories
  • Mac
    • MacBook Air
    • MacBook Pro
  • Reviews
    • App Reviews
  • How-to
    • Ask iLounge
Font ResizerAa
iLoungeiLounge
Font ResizerAa
Search
  • News
    • Apple
    • Rumors
    • Humor
    • Technology
    • Daily Deals
    • Articles
    • Web Stories
  • iPhone
    • iPhone Accessories
  • iPad
  • iPod
    • iPod Accessories
  • Apple Watch
    • Apple Watch Accessories
  • Mac
    • MacBook Air
    • MacBook Pro
  • Reviews
    • App Reviews
  • How-to
    • Ask iLounge
Follow US

News

News

Security company slams Apple for inconsistent patching

Last updated: Nov 25, 2021 2:27 pm UTC
By Abhay Ram
Apple

The anti-malware software maker Malwarebytes has criticized Apple for using an “inconsistent” patching process. The security company wrote in a blog post that the iPhone maker’s “behaviour” is leading to bad security consequences. 

Advertisements

The blog post written by the director of Mac and mobile at Malwarebytes, Thomas Reed, details Hong Kong’s watering hole campaign. Several people in Hong Kong were affected by macOS exploits that specifically targeted the visitors of media outlets and pro-democracy political organizations.

Apple

A single exploit chain found by Google’s TAG

It was Google’s Threat Analysis Group (TAG) that first reported the watering hole attacks that targeted Hong Kong residents. The vulnerabilities in macOS are reportedly found to be a single exploit chain. One of the attacks was based on the flaw in Webkit – remote code execution (CVE-2021-1789) – and the other – an XNU privilege escalation vulnerability. 

Advertisements

According to Reed, Trojan was used to attack the specific set of people of Hong Kong. He also added that both attacks have been around since 2019 without having been detected. 

Security company slams Apple for inconsistent patching
Security company slams Apple for inconsistent patching

“The same bug apparently existed in Catalina, which remained unpatched seven months after Apple released the patch for Big Sur, and more than five months after the details had been released at Zer0con,” Reed wrote in the blog post published by Malwarebytes. “This allowed attackers to target individuals running Catalina and Safari 13 without detection.”

Advertisements

While Aple has been releasing patches for its macOS versions. The company has not been doing so in an inconsistent manner – taking months to release the patch for the older versions of desktop operating system.

“To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group,” reads the blog post published by Google’s TAG. “The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.”

Advertisements

Latest News
AirPods 4
The AirPods 4 is $30 Off
1 Min Read
Apple Smart Glasses
Apple smart glasses might debut late 2026
1 Min Read
Total War: Rome II
New ‘Total War: Rome II’ arrives on macOS
1 Min Read
Netflix
Netflix to add AI to user search
1 Min Read
Apple Watch
The Apple Watch Series 10 GPS 42mm Model is $100 Off
1 Min Read
AirPods
AirPods with camera might have a 2027 debut
1 Min Read
Apple Arcade
New games arriving on Apple Arcade in June
1 Min Read
Skype
Skype ends service, shuts down
1 Min Read
iPad
The 11th-Generation iPad Wi-Fi 512GB is $50 Off
1 Min Read
Apple
Apple developing new chip for future AI features and Macs
1 Min Read
Apple Card
Apple sends out Uber one free trial to Apple Card customers
1 Min Read
Google
Google adds AI-Powered security measures in Chrome
1 Min Read

iLounge logo

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond. iPod, iPhone, iPad, iTunes, Apple TV, and the Apple logo are trademarks of Apple Inc.

This website is not affiliated with Apple Inc.
iLounge © 2001 - 2025. All Rights Reserved.
  • Contact Us
  • Submit News
  • About Us
  • Forums
  • Privacy Policy
  • Terms Of Use
Welcome Back!

Sign in to your account

Lost your password?