It’s time to update your Apple Mac again, as malware that secretly takes screenshots has been spotted exploiting a serious weakness in macOS security. The flaw could be abused to record video or access files on Macs too, making patching more urgent.
The discovery was made by cybersecurity company Jamf during research into the XCSSET malware, first discovered in 2020. The hackers who created the spyware discovered they could get around a macOS privacy feature known as Transparency, Consent and Control (TCC). TCC is the feature that raises a flag when an app is doing something that might affect users’ privacy, such as taking photos or recording keystrokes, and asks for explicit permission from the user before any action is taken. The malware coders found a way to hijack the permissions of other apps, ones that have already been approved by the user.
For instance, according to Jamf, the malware could create an app within Zoom, the hugely popular videoconferencing app, that would secretly record what’s happening on the screen. Because the malicious app effectively hooked into Zoom, which already had permission to carry out the screen recording, no prompt warning about the action would land on the Mac user’s screen, according to Jamf. Thus far the hackers have only been seen abusing the flaw to take screenshots, but the same exploit could be abused to pilfer files, record audio over the microphone or take images via the Mac’s camera, Jamf said.
The weakness has been addressed in the latest version of macOS, Big Sur 11.4, released on Monday, Apple confirmed to Forbes. Users will now be asked whether or not they want such app processes to run.
What’s motivating mysterious Apple Mac hackers?
Jaron Bradley, a Mac expert at cybersecurity company Jamf, told Forbes it isn’t yet clear what is…