Zero-click/no-touch remote exploitation vulnerabilities allow hacking macOS systems

Apple recently released a couple of security alerts regarding the discovery of at least five Bluetooth vulnerabilities in macOS. According to information security consulting specialists, these flaws would allow threat actors to compromise a device without any clicks and without physical contact (attack variants known as zero-click/no-touch).

The report was filed by the team of researchers at the firm 360 Alpha Lab. Apple subsequently acknowledged the report and began work on the corresponding security patches. The researchers received a payment of $75k USD as part of the company’s vulnerability rewards program.

The security flaw, dubbed “Bluewave”, exists in the Bluetooth process of the macOS system. In their report, the information security consulting specialists mention that once an attacker compromises a device, they can use it as an access point to a Bluetooth-paired computer.

Apparently, the flaw extends to all Apple notebooks running macOS, including macOS Mojave 10.14.6, macOS High Sierra 10.13.6 and macOS Catalina 10.15.2. The information security consulting specialists at 360 recommend that users upgrade to the latest versions of the operating system as soon as possible.

This is a particular case in which a potential security flaw affects macOS devices more than Windows machines. The report mentions that this vulnerability affects more than twice as many macOS devices as Windows devices.

However, Windows devices continue to dominate the security vulnerability statistics, making them one of the most frequent targets of threat actors. This scenario could change in the future, as the growing popularity of Apple devices among tech users could lead threat actors to invest more resources in attacking these devices. Attacks on Apple devices have already grown by nearly 40% in the last two years.

The International Institute of Cyber Security (IICS) recommends checking the official platforms of technology developers to download the corresponding updates and to find more details on the report.