macOS 11.4 patches vulnerability allowing malware to take unsolicited screenshots
Apple recently released an update for macOS (macOS Big Sur version 11.4) which patched a critical vulnerability that allowed bad actors to take screenshots without the users' knowledge. Updating to the said version also brings increased support for external GPUs and fixes some bugs in the Safari web browser. Additionally, it lays the foundation for upcoming Apple Music features. Here are more details.
macOS update lays groundwork for upcoming Apple Music features
While macOS version 11.3 brought M1 chip optimizations and AirTag support for Apple's computers, the new update is the fourth since Big Sur launched in November 2020. Version 11.4 reportedly lays the foundation for Apple Music to support Spatial Audio with Dolby Atmos and lossless audio. These features are coming soon to devices running macOS.
Although malware was found taking screenshots, it had unrestricted access
With that out of the way, Jamf reported that the XCSSET malware was found exploiting a vulnerability that granted it access to the device's camera, webcam, and screen recording without ever seeking the user's consent. Although the malware was only found taking unauthorized screenshots, it could let bad actors attack storage devices, record the screen, record keystrokes, and access the webcam and microphone.
Supply-chain style attack distributed malware using unwitting developers' code
The malware was first spotted by Trend Micro, targeting Apple's developers in 2020. At the time, it targeted the developers' Xcode projects so they unwittingly distributed the malware when the projects were uploaded to GitHub. The malware identifiable by code CVE-2021-30713 was coded in AppleScript to avoid detection. TechCrunch reports that it injected malicious code into legitimate applications, inheriting legitimately granted permissions across macOS.
Apple has fixed vulnerability that allowed malware to take screenshots
The malware usually targeted apps, such as Slack, Zoom, and WhatsApp, which are given screen-sharing permissions. Bad actors could use the malware to steal banking information, commit identity theft, and numerous other crimes. Thankfully, Apple claims that macOS version 11.4 has fixed the vulnerability that the malware was using. We recommend users to install the update as soon as it is available for them.
