Apple patched a critical vulnerability in its macOS operating system that could be exploited to take screenshots of a person’s computer and take pictures of their activity within applications or in video conferences without that person’s knowledge.
Apple addressed the vulnerability – discovered by researchers at enterprise cybersecurity firm Jamf – in the latest version of macOS, Big Sur 11.4, released on Monday.
The researchers said they discovered that the XCSSET spyware was using the vulnerability, tracked as CVE-2021-30713, to capture screenshots of the user's desktop without needing additional permissions.
The researchers added that this activity was discovered during their analysis of XCSSET, which they performed after noticing a significant increase in the number of detected variants. Apple has not yet provided specific details about the vulnerability in its entry in the CVE database.
XCSSET was first discovered by Trend Micro in 2020, targeting Apple developers, specifically the Xcode projects they use for programming and building applications.
By infecting these app development projects, developers unwittingly distribute malware to their users, in what Trend Micro researchers describe as a supply chain attack.
The malware is under constant development, with newer variants also targeting Macs running on the newest M1 chip.
Once the malware runs on the victim’s computer, it steals cookies from the Safari browser to access the victim’s online accounts, and installs an upgraded version of Safari, allowing attackers to modify and intrude on almost any website.
It was also using a previously undiscovered exploit to covertly capture screenshots of the victim's screen.
macOS is supposed to ask permission from the user before allowing any app – malicious or otherwise – to record the screen, access the microphone or webcam, or open the user's storage.
But the malware bypasses those permissions by injecting malicious code into legitimate apps.
Jamf researchers explained that the malware searches the victim's computer for other applications that are frequently granted screen-sharing permissions, such as Zoom, WhatsApp, and Slack, and injects screen recording code into those applications.
This allows the malicious code to piggyback on the legitimate app and gain its permissions across macOS.
The malware signs the new application package with a new certificate to avoid being flagged by the security defenses Apple built into macOS.
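A defender-side check for the re-signing step described above, added here as an example (not code from Jamf, Apple or the original article): it compares each app's current signing Team ID, read from the key=value layout that `codesign -dv` prints, against a baseline recorded at install time. The baseline, app paths, identifiers, Team IDs and sample output are all constructed assumptions.

```python
# Constructed baseline: Team ID recorded for each app at install time.
# The IDs are placeholders, not the vendors' real Team IDs.
BASELINE = {
    "/Applications/zoom.us.app": "TEAMZOOM01",
    "/Applications/Slack.app": "TEAMSLACK1",
    "/Applications/WhatsApp.app": "TEAMWHATS1",
}

# Constructed samples in the key=value layout of `codesign -dv --verbose=4 <app>`.
SAMPLE_OUTPUT = {
    "/Applications/zoom.us.app":
        "Identifier=example.zoom\nAuthority=Developer ID Application: Example (TEAMZOOM01)\n"
        "TeamIdentifier=TEAMZOOM01\n",
    "/Applications/Slack.app":  # re-signed with a different certificate
        "Identifier=example.slack\nAuthority=Developer ID Application: Other (TEAMOTHER9)\n"
        "TeamIdentifier=TEAMOTHER9\n",
    "/Applications/WhatsApp.app":  # ad hoc signature, no certificate chain
        "Identifier=example.whatsapp\nSignature=adhoc\nTeamIdentifier=not set\n",
}

def parse_codesign(text):
    """Return the key=value fields of codesign display output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            fields[key] = value
    return fields

def audit(baseline, outputs):
    """Flag apps whose signature no longer matches the recorded Team ID."""
    findings = []
    for path, expected in sorted(baseline.items()):
        if path not in outputs:
            findings.append((path, "no signature data"))
            continue
        fields = parse_codesign(outputs[path])
        team = fields.get("TeamIdentifier", "not set")
        if fields.get("Signature") == "adhoc" or team == "not set":
            findings.append((path, "ad hoc signature, no team"))
        elif team != expected:
            findings.append((path, f"team changed: {expected} -> {team}"))
    return findings

if __name__ == "__main__":
    for path, reason in audit(BASELINE, SAMPLE_OUTPUT):
        print(f"{path}: {reason}")
```

On a real Mac the sample strings would be replaced by the captured output of `codesign -dv --verbose=4` for each app that holds a screen recording grant.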
The researchers said the malware used the permissions bypass to capture screenshots of the user's desktop, but they cautioned that it is not limited to screen recording.
The bug may have been used to access the victim's microphone or webcam, or to capture keystrokes, such as passwords or credit card numbers.
It is not clear how many Macs the malware has managed to infect using this technique, but Apple has confirmed that it has fixed the bug in macOS Big Sur 11.4.