Forbes reports that malicious malware allows hackers to secretly take screenshots. It is also reported that the security vulnerability can also be used to record users and access their data on the system. So, Mac users should immediately update their devices to macOS Big Sur 11.4.
The vulnerability was discovered by a cybersecurity firm Jamf during the research of XCSSET malware, which was initially found in 2020. Hackers found a workaround for the operating system’s Transparency Consent and Control (TCC) feature to gain access to already approved apps. The TCC feature is used to raise “a flag when an app is doing something that might affect users’ privacy, such as taking photos or recording keystrokes, asking for explicit permission from the user before any action is taken.”
Update to macOS Big Sur 11.4 to eliminate malware that can access the microphone, camera, and more
The report explains how the exploitation could breach security.
For instance, according to Jamf, the malware could create an app within Zoom, the hugely popular videoconferencing app, that would secretly record what’s happening on the screen. Because the malicious app effectively hooked into Zoom, which already had permission to carry out the screen recording, no prompt warning about the action would land on the Mac users’ screen, according to Jamf. Thus far the hackers have only been seen abusing the flaw to take screenshots, but the same exploit could be abused to pilfer files, record audio over the microphone or take images via the Mac’s camera, Jamf said
Recently, users’ security and privacy were under great discussion during the Epic vs. Apple antitrust trial. Speaking of iOS, Apple said that it has built a safe and secure digital marketplace to users comparison by implementing certain security layers to vet software that is missing on macOS. Thus, making macOS more susceptible to malware. In his testimony, Apple Head of Software Craig Ferderighi admitted that due to macOS openness and flexibility, “today we have a level of malware we don’t find acceptable on the Mac” and “it’s an endless game of whackamole malware.”
Fortunately, the vulnerability has been patched in the recent macOS Big Sur 11.4 and that is why users are asked to update as soon as they can.
The weakness has been addressed in the latest version of macOS, Big Sur 11.4, released on Monday, Apple confirmed to Forbes. Users will now be asked whether or not they want such app processes to run.
Other features included in the macOS Big Sur 11.4 are:
“macOS Big Sur 11.4 adds Apple Podcasts subscriptions and channels and includes important bug fixes.
•Apple Podcasts subscriptions are available for purchase via monthly and annual subscriptions
•Channels group together collections of shows from podcast creators
This release also fixes the following issues:
•Bookmarks in Safari may get reordered or moved into a folder that can appear hidden
•Certain websites may not display correctly after your Mac wakes from sleep
•Keywords may not be included when exporting a photo from the Photos app
•Preview may become unresponsive when searching PDF documents
•16-inch MacBook may become unresponsive when playing Civilization VI”