Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs

On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering additional details about the targets and malware used to compromise its victims. Here we provide a breakdown of the WebKit exploit used to compromise Mac users and an analysis of the payload, which is a new malware family targeting macOS. But first, let’s look at how victims came into contact with the malicious code in the first place.

It was reported by Felix Aimé from SEKOIA.IO that one of the websites used to propagate the exploits was a fake website targeting Hong Kong activists. We can read on its home page “Liberate Hong Kong, the revolution of our times”. The very recent registration date of the fightforhkcom domain, October 19th, 2021, and the fact that the website is no longer accessible, supports that idea. We could also confirm that the Internet Archive cached a copy of the web page on November 13th. This copy includes the malicious iframe, as seen in Figure 1.

Figure 5. Excerpt of the JavaScript exploit containing comments about how to target iOS and PAC-enabled devices

We have confirmed that the patch identified by Google TAG does fix the vulnerability. While it is possible this vulnerability was assigned CVE-2021-1789, we couldn’t confirm due to the lack of publicly available technical details.