Apple recently released their macOS Big Sur 11.4 software update for the Mac, the update comes with some new features and it also comes with some bug fixes and performance improvements.
Also included in the update are some security updates for vulnerabilities and one that has been fixed is a zero day vulnerability that could allow hackers to take screenshot and record your screen. The hack could piggyback off apps like Zoom.
The exploit was discovered by mobile management company Jamf who revealed some details about the exploit, which you can see below.
In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior. We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.
So if you haven’t updated to the new macOS Big Sur 11.4 software update it is recommend that you update as soon as possible.
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn more.