
Malware exploited macOS zero-day flaw to secretly take screenshots. Update to Big Sur 11.4 now

Graham CLULEY

May 25, 2021


Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs.

The vulnerability allows attackers to gain permissions on vulnerable Macs without the user granting explicit consent.

Specifically, as security researchers at Jamf explain, versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to take a screenshot as part of their normal operations (such as Zoom, Discord, Skype and TeamViewer).

The malware, which is written in AppleScript, then injects malicious commands into the legitimate apps – telling them to take snapshots of the user’s screen.

As Jamf describes, the malicious code has been carefully written in an attempt to avoid raising suspicions from the security mechanisms built into macOS by Apple:

“Much of the time the malware author leverages AppleScripts in their attack chain due to the facility in which it handles many bash commands, even downloading and/or executing Python scripts in an effort to obfuscate their intentions through a confusing use of various scripting languages.”

According to the researchers, the technique can be used not just for recording victims’ screens, but also for accessing microphones and webcams or capturing keypresses – all without the user granting consent.
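An added example, not code from the article or from Jamf: a small Python audit that lists which apps currently hold the macOS Screen Recording grant (kTCCServiceScreenCapture) that XCSSET piggybacks on, read from the TCC database. The TCC.db path, the reduced table layout and the sample rows are assumptions constructed for the demonstration; on a real Mac the terminal needs Full Disk Access to read the database.

```python
"""Audit which apps hold the macOS Screen Recording TCC grant.

XCSSET-style abuse relies on a donor app that already holds
kTCCServiceScreenCapture, so listing those grants is a first audit step.
Assumed location of the per-user database (needs Full Disk Access):
~/Library/Application Support/com.apple.TCC/TCC.db
"""
import sqlite3

SCREEN_CAPTURE = "kTCCServiceScreenCapture"

def screen_capture_grants(conn):
    """Return sorted bundle IDs allowed to capture the screen.

    Handles both the Big Sur layout (auth_value: 2 = allowed) and the
    older Catalina layout (allowed: 1 = allowed) of the access table.
    """
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    if "auth_value" in cols:
        sql = "SELECT client FROM access WHERE service=? AND auth_value=2"
    elif "allowed" in cols:
        sql = "SELECT client FROM access WHERE service=? AND allowed=1"
    else:
        raise ValueError("unrecognised TCC access table layout")
    return sorted(r[0] for r in conn.execute(sql, (SCREEN_CAPTURE,)))

def build_sample_db():
    """Constructed in-memory stand-in for TCC.db (subset of real columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE access (
        service TEXT NOT NULL, client TEXT NOT NULL,
        client_type INTEGER NOT NULL, auth_value INTEGER NOT NULL,
        last_modified INTEGER NOT NULL)""")
    rows = [  # constructed sample rows: (service, client, type, auth, mtime)
        (SCREEN_CAPTURE, "us.zoom.xos", 0, 2, 1621900000),      # allowed
        (SCREEN_CAPTURE, "com.hnc.Discord", 0, 2, 1621900100),  # allowed
        (SCREEN_CAPTURE, "com.skype.skype", 0, 0, 1621900200),  # denied
        ("kTCCServiceMicrophone", "us.zoom.xos", 0, 2, 1621900300),
    ]
    conn.executemany("INSERT INTO access VALUES (?,?,?,?,?)", rows)
    conn.commit()
    return conn

def audit(db_path=None):
    """List screen-capture grants from db_path, or from the sample DB."""
    conn = sqlite3.connect(db_path) if db_path else build_sample_db()
    try:
        return screen_capture_grants(conn)
    finally:
        conn.close()

if __name__ == "__main__":
    for bundle_id in audit():
        print("screen capture allowed for:", bundle_id)
```

Any bundle ID in the output is a candidate donor whose permission a malicious AppleScript could ride on, so unexpected entries deserve a look.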

It’s easy to imagine how exploitation of the vulnerability could allow an attacker to steal sensitive information such as passwords as well as snoop upon private communications.

According to reports, the principal targets of the XCSSET malware have been Mac developers – with malicious code injected into Xcode projects that are sometimes later shared with the Mac development community on GitHub.

Any developers relying on the code hosted in affected GitHub repositories for their own projects are thus unwittingly assisting a supply-chain attack.

Fortunately, this week Apple has released macOS Big Sur 11.4 which, aside from the normal bug fixes, contains a patch for the permission-busting security hole exploited by the XCSSET malware.

To update your Mac or MacBook, choose “System Preferences” from the Apple menu in the top-left of the screen. Then click “Software Update” to see if any updates are available and follow instructions.

To install future updates automatically, select the option to “Automatically keep my Mac up to date”.

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
