Apple has just released the macOS Big Sur 11.4 update, which fixes a flaw in particular zero-day discovered by scanning for XCSSET malware. The user can take screenshots without asking permission.
Only a month after havingin its operating system, Apple has just released a new update to counter a . A vulnerability zero-day allows a to pretend to be someone else, and thus obtain permissions without asking the user.
The fault was discovered by theby analysing XCSSET, which was first detected in 2020 by Trend Micro. This program targets Apple developers in order to infect their applications which will then be distributed to users. It then exploits two vulnerabilities zero-day to steal cookies in Safari in order to access user accounts, and to install a development version of Safari. The malware is still in active development and has been adapted to new devices with processors. .
A flaw ” zero-day » tapped to take screenshots
XCSSET also uses a third vulnerability zero-day to take. To access this function, a program on macOS should normally ask the user for permission. To get around this obstacle, the malware checks for the presence of applications that already have these permissions, such as . He then places his code inside the legitimate application, thus inheriting access to without having to request it.
The scanned version of the malware is limited to screenshots, but could just as easily access the microphone and webcam in the same way.fixed this new flaw in the macOS Big Sur 11.4 update released yesterday. So remember to make sure that is up to date.