Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data

September 18, 2024 | A zero-click vulnerability chain in macOS allowed attackers to bypass security features like Gatekeeper and TCC, exposing sensitive iCloud data, including photos. Researcher Mikko Kenttälä discovered the flaw by exploiting a file sanitization issue in Calendar invites, which enabled remote code execution (RCE) without user interaction.

Apple has since patched the vulnerabilities, but this incident highlights ongoing risks to macOS security.
