Apple addressed a vulnerability in macOS that could surreptitiously take screenshots
Apple has addressed a serious flaw in its macOS operating system that could be abused to take screenshots of a person's computer and capture images of their activity in applications or video conferences without the person's knowledge.
Apple addressed the vulnerability in the latest version of macOS, Big Sur 11.4, which was released on Monday. The flaw was discovered by researchers at the security firm Jamf.
The researchers said they discovered that the XCSSET spyware uses this vulnerability (tracked as CVE-2021-30713) to capture screenshots of a user's desktop without requiring additional permissions.
The researchers added that this activity was discovered during their analysis of XCSSET, which they undertook after seeing a significant increase in the variants observed. Apple has yet to enter specific details of the vulnerability in the CVE database.
XCSSET was first discovered by Trend Micro in 2020, targeting Apple developers, in particular the Xcode projects they use for programming and building applications.
By infecting these app development projects, the malware causes developers to unwittingly distribute it to their users, in what Trend Micro researchers call a supply chain attack.
The malware is constantly evolving, and new variants also target Macs running on the latest M1 chip.
Once the malware runs on the victim's computer, it steals cookies from the Safari browser to access the victim's online accounts and installs an updated version of Safari that allows the attacker to modify and intrude on nearly any website.
It also took advantage of previously unknown vulnerabilities to covertly capture screenshots of the victim's screen.
Before any application (malicious or harmless) can record the screen, access the microphone or webcam, or access the user's storage, macOS must obtain the user's permission.
However, the malware bypasses these permission prompts by injecting malicious code into legitimate apps.
Jamf researchers explained that the malware scans the victim's computer for other apps that are usually granted screen sharing permissions, such as Zoom, WhatsApp, and Slack, and injects code for recording the victim's computer screen into those apps.
This allows the malicious code to piggyback on the legitimate apps and gain their permissions in macOS.
The malware signs the new application package with a new certificate to avoid being flagged by the Apple security protections included in macOS.
The researchers said the malware circumvented the permissions to take screenshots of users' desktops, but cautioned that the bypass was not limited to screen recording.
The bug might have been used to access the victim's microphone or webcam, or to capture keystrokes such as passwords or credit card numbers.
It is not known how many Macs the malware was able to compromise with this technique, but Apple has confirmed that the bug has been fixed in macOS Big Sur 11.4.