
Malware exploited macOS zero-day flaw to secretly take screenshots. Update to Big Sur 11.4 now

Graham CLULEY

May 25, 2021


Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers discovered a way of bypassing the privacy protections built into Apple Macs.

The vulnerability allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent.

Specifically, as security researchers at Jamf explain, versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to take a screenshot as part of their normal operations (such as Zoom, Discord, Skype and TeamViewer).

The malware, which is written in AppleScript, then injects malicious commands into the legitimate apps – telling them to take snapshots of the user’s screen.

As Jamf describes, the malicious code has been carefully written in an attempt to avoid raising suspicions from the security mechanisms built into macOS by Apple:

“Much of the time the malware author leverages AppleScripts in their attack chain due to the facility in which it handles many bash commands, even downloading and/or executing Python scripts in an effort to obfuscate their intentions through a confusing use of various scripting languages.”

According to the researchers, the technique can be used not just for recording victims’ screens, but also for accessing microphones and webcams, or capturing keypresses – all without the user granting consent.

It’s easy to imagine how exploitation of the vulnerability could allow an attacker to steal sensitive information such as passwords as well as snoop upon private communications.

According to reports, the principal targets of the XCSSET malware have been Mac developers – with malicious code injected into Xcode projects that are sometimes later shared with the Mac development community on GitHub.

Any developers relying on the code hosted in affected GitHub repositories for their own projects are thus unwittingly assisting a supply-chain attack.

Fortunately, this week Apple has released macOS Big Sur 11.4 which, aside from the normal bug fixes, contains a patch for the permission-busting security hole exploited by the XCSSET malware.

To update your Mac or MacBook, choose “System Preferences” from the Apple menu in the top-left of the screen. Then click “Software Update” to see if any updates are available and follow instructions.

To install future updates automatically, select the option to “Automatically keep my Mac up to date”.
