Apple has just released the macOS Big Sur 11.4 update, which fixes, in particular, a zero-day flaw discovered during analysis of the XCSSET malware. The flaw lets the malware take screenshots without asking for permission.
Only a month after correcting a previous flaw in its operating system, Apple has just released a new update to counter a piece of malware. A zero-day vulnerability allows an application to pass itself off as another one, and thus obtain permissions without asking the user.
The flaw was discovered by the company Jamf while analysing the XCSSET malware, which was first detected in 2020 by Trend Micro. This program targets Apple developers in order to infect their applications, which are then distributed to users. It then exploits two zero-day vulnerabilities to steal cookies in Safari in order to access user accounts, and to install a development version of Safari. The malware is still in active development and has been adapted to new devices with M1 processors.
A "zero-day" flaw exploited to take screenshots
XCSSET also uses a third zero-day vulnerability to take screenshots. To access this function, a program on macOS should normally ask the user for permission. To get around this obstacle, the malware checks for the presence of applications that already have these permissions, such as Zoom. It then places its code inside the legitimate application, thus inheriting access to screen capture without having to request it.
The analysed version of the malware is limited to screenshots, but it could just as easily access the microphone and webcam in the same way. Apple fixed this new flaw in the macOS Big Sur 11.4 update released yesterday. So remember to make sure that your Mac is up to date.