This week, Google researchers published a report detailing what they described as a watering hole hacking campaign originating in Hong Kong discovered in August. Hackers, whom Google thinks were state-backed, implanted malware in the websites of a Hong Kong pro-democracy group, which would install backdoors on visitors’ devices.
The researchers discovered the macOS vulnerability the hackers targeted and reported it to Apple, but they couldn’t completely profile it in iOS. Apple patched it on September 23 on macOS Catalina. However, security researcher Josh Long pointed out that Apple patched this same vulnerability in macOS Big Sur on February 1, over 200 days earlier. Big Sur is the version of macOS immediately following Catalina. Apple followed up Big Sur with Monterey, the latest version, last month.
