Cybersecurity Threat Advisory 0031-22: Apple macOS Critical Privilege Escalation Vulnerability
Apple has released an emergency update for a critical kernel privilege escalation vulnerability in macOS Big Sur 11. This vulnerability allows an attacker to utilize the app to execute arbitrary code with kernel privileges. Barracuda MSP recommends updating to the macOS version 11.6.6 to avoid potential impact.
Technical Detail & Additional Information
WHAT IS THE THREAT?
A kernel privilege escalation vulnerability exists in the current macOS Big Sur 11. An attacker can execute arbitrary code with Kernel privileges within the ‘AppleAVD” kernel extension that enables audio and video decoding. This vulnerability has been categorized as zero-day, indicating that it was an unknown flaw.
WHY IS IT NOTEWORTHY?
This vulnerability exists in the current macOS Big Sur 11 version, the operating system that supports an Apple computer’s basic function such as executing applications and controlling peripherals. This is the sixth zero-day vulnerability addressed by Apple since January. When a new zero-day vulnerability becomes public, it lets attackers know that their window to exploit the vulnerability will close soon. This typically leads to a drastic increase to the number of exploits in the wild.
WHAT IS THE EXPOSURE OR RISK?
The exploitation of this vulnerability allows attackers to compromise affected devices and pivot inside the victim’s internal network. The attacker can spread their reach to internal systems that are not exposed to the internet. This can lead to the compromise of proprietary or confidential information related to the victim or any customers that they may serve. When exploited, this vulnerability allows an attacker to have complete and unrestricted kernel access to the CPU. If an attacker has kernel privileges, it becomes easy for them to deploy a ransomware event or Business Email Compromise (BEC) leading to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.
WHAT ARE THE RECOMMENDATIONS?
Barracuda MSP recommends the following actions to limit the impact of an arbitrary code execution attack:
- Update macOS Big Sur to version 11.6.6 or newer.
- We recommend a firewall in front of the CouchDB instillations.
- Keep all applications updated thus enforcing new security measures.
- Continue to stay up to date with our threat advisories to avoid potential threats.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.