Recently, 360 Company stated that five Apple macOS software Bluetooth vulnerabilities were found by the team.
This is a rare combination of vulnerabilities in Apple’s macOS software, and it has been officially confirmed that all the vulnerabilities belong to a “zero-click, no-contact” remote exploitation vulnerability. The 360 Alpha Lab team named it the “Bluewave” vulnerability.
As we all know, although they are also high-risk vulnerabilities, the triggering of many vulnerabilities still largely depends on user pre-authorization or interactive operations, and the actual threats are largely eliminated.
It is understood that the “Bluetooth process has extremely high permissions on all operating systems, and the “Bluewave” vulnerability is rare in that attackers can complete remote attack exploitation in a non-perceived and non-interactive form, causing the victim to fall into Illegal control and its ability to destroy cannot be ignored.”
At present, Apple has released patches based on the vulnerability reports submitted by the 360 team. The Qihoo 360 Vulcan team has also found a vulnerability in Audio and Intel Graphics driver which was also patched by the latest Apple macOS Catalina 10.15.3 security update 2020-001 Mojave, security update 2020-001 High Sierra.