Google’s Threat Analysis Group (TAG) detected watering hole attacks targeting visitors to several Hong Kong websites. “The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.” Apple released a fix for the issue in September. Ref https://support.apple.com/en-us/HT212825
