Apple just fixed a security flaw that allowed malware to take screenshots on Macs


Apple has released security updates for macOS that patches a flaw in its privacy preferences and “may have been actively exploited”, according to Apple and which could have allowed malicious apps to record a Mac’s screen 



a person using a laptop: Female hands of business woman professional student using laptop sit at home office desk typing on computer keyboard study work with pc software tech concept, online job and education, close up view


© Getty Images/iStockphoto

Female hands of business woman professional student using laptop sit at home office desk typing on computer keyboard study work with pc software tech concept, online job and education, close up view


It’s a rather large update addressing 73 vulnerabilities, including one in Transparency Consent and Control (TCC) framework, which allows malware to bypass system privacy controls.  Apple addressed the TCC bypass in macOS Big Sur version 11.4.

“Apple is aware of a report that this issue may have been actively exploited,” it said of the bug CVE-2021-30713 affecting TCC. 

Loading...

Load Error

SEE: Network security policy (TechRepublic Premium)

TCC provides the dialog prompts for security and privacy sensitive actions, such as an application recording a computer’s screen, or when giving apps access to the webcam and microphone.

Security firm Jamf has posted a report on the bug and says it found the bypass being actively exploited while analyzing the XCSSET malware. 

“The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions,” it said.

In August, Trend Micro found XCSSET was targeting Mac developers via infected Xcode projects.

The malware finds an app on the system and piggybacks on it, inheriting its permissions. 

“During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either. Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app,” Jamf noted.

“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent – which is the default behavior.”

Apple also released security fixes in the iOS 14.6 update for iPhones and iPads, which included 30…

Source…