Attacks with the Adload malware against macOS systems have been facilitated by the exploitation of the already patched HM Surf vulnerability, tracked as CVE-2024-44133, according to SC Media.
Such a flaw could be leveraged to evade the Safari browser directory's transparency, consent, and control defenses and secure sensitive user data access, noted Microsoft Threat Intelligence researchers, who urged the immediate implementation of issued macOS 15 Sequoia security updates to prevent compromise.
Escalated privileges in Apple's Safari browser were noted by Approov CEO Ted Miracco to have enabled such a potent means of compromise.
"Safari's preferential treatment highlights a broader issue with how Apple restricts security innovations from other developers, creating a de facto monopoly that can backfire, as seen with this flaw. This incident exposes the danger of Apple's tightly controlled security model. Apple claims that its 'built-in' security features negate the need for third-party solutions can lead to a false sense of security for users," said Miracco.
