Along with iOS 14.6 release today, Apple released macOS Big Sur 11.4. The new update brings podcast subscriptions, Apple Music Lossless audio support, and much more to the Mac. A new report claims that Apple patched a vulnerability on macOS 11.4 that allowed hacks to take screenshots and screen recordings without users’ consent.
According to a report published by Jamf, Apple patched a zero-day vulnerability in macOS Big Sur 11.4 that allowed hackers to ‘secretly’ take screenshots or record video of a user’s screen by hijacking existing app permissions.
A flaw in macOS allowed hackers to take control of Apple’s Transparency Consent and Control framework, which maintains what system functions third-party applications can access. This essentially allowed hackers to gain access to permission like Full Disk Access, Screen Recordings, and other permissions without the user’s explicit consent. Normally, third-party apps are required to ask for access to these permissions.
Jamf says that the vulnerability appears to have been actively exploited in the wild. It discovered the flaw while researching a strain of Mac malware dubbed XCSSET, which targets macOS developers through infected Xcode projects.
The vulnerability could have allowed a hacker ‘to create an app’ inside another app. For instance, a hacker could have created an app inside Zoom — the popular video conferencing app — and since the Zoom app already has recording permissions, it would have recorded the screen without the user knowing about it. So far, Jamf notes, hackers have only been seen using the flaw to take screenshots.
In a statement to Forbes, Apple ‘stressed’ that the issue only affected users who downloaded and installed applications outside of the Mac App Store. Apple says that all applications downloaded from the App Store were not affected by the vulnerability.
The vulnerability has been patched in the latest update. So we advise you to update your Mac as soon as possible. To update your Mac, click on the Apple logo on the top left corner, click on About this Mac, and then on Software Update.
[Via Jamf, Forbes]