Apple's macOS 11.4 patches flaw that enabled surreptitious screenshots

article thumbnail

Apple in macOS Big Sur 11.4 patched a zero-day vulnerability that could allow attackers to secretly take screenshots or record video of a user's screen by hijacking existing app permissions.

The flaw bypassed Apple's Transparency Consent and Control framework, which controls what system functions applications can access, according to security researchers at Jamf, who first discovered the vulnerability.

Jamf notes that the vulnerability appears to have been actively exploited in the wild. It discovered the flaw while researching a strain of Mac malware dubbed XCSSET, which targets macOS developers through infected Xcode projects.

The vulnerability could allow an attacker to hijack permissions granted to other apps. For example, a malicious app could hook into Zoom — which already has recording permissions — and record a user's screen. Thus far, Jamf notes that attackers have only been seen using the flaw to take screenshots.

According to Jamf, Apple has issued a patch for the flaw in macOS Big Sur 11.4. Alongside that release on Monday, Apple also issued two security updates for macOS Mojave and macOS Catalina.

In a statement to Forbes, Apple stressed that the flaw was only a problem for users who downloaded applications outside of the Mac

News of the vulnerability comes a few days after Apple software engineering chief Craig Federighi blasted the Mac's security during his testimony in the Epic Games v. Apple trial. Federighi said that the Mac had an unacceptable level of malware compared to iOS.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.