macOS Big Sur 11.4 Addresses Vulnerability That Could Let Attackers Take Secret Screenshots

macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.

jamf malware secret screenshots
Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access, Screen Recording, and other permissions without a user's consent.

The bypass was actively exploited in the wild, and was discovered by Jamf when analyzing XCSSET malware. The XCSSET malware has been out in the wild since 2020, but Jamf noticed an uptick in recent activity and discovered a new variant.

Once installed on a victim's system, the malware was used specifically for taking screenshots of the user's desktop with no additional permissions required. Jamf said that it could be used to bypass other permissions as well, as long as the donor application the malware piggybacked off of had that permission enabled.

Jamf has a full rundown on how the exploit worked, and the company says that Apple addressed the vulnerability in macOS Big Sur 11.4, Apple confirmed to TechCrunch that a fix has indeed been enabled in macOS 11.4, so Mac users should update their software as soon as possible.

Related Forum: macOS Big Sur

Top Rated Comments

Kung gu Avatar
20 months ago
11.4 also fixes excessive ssd writes.

PSA: The SSD disk write issues have been fixed in 11.4 which came out today. The person who found the issue in first place says it was a result of a kernel bug and he also says 11.4 addresses the issue.
Update to 11.4 if your on M1 macs.
Users on this thread also report lower disk writes on 11.4.


[MEDIA=twitter]1396374313591140357[/MEDIA]
Score: 17 Votes (Like | Disagree)
Apple_Robert Avatar
20 months ago

OK just read the report by JAMF. So it piggybacks on fake Xcode projects, then requires the user to grant access through the Terminal and also through System Preferences. I'm glad this was found and dealt with, but it seems like it's a pretty weak exploit since nearly all of these behaviors should alert a user with more than 2 brain cells to stop the process
Unfortunately, a lot of people click accept without really thinking about what they are giving system access to and for what reason.
Score: 11 Votes (Like | Disagree)
deevey Avatar
20 months ago

Unfortunately, a lot of people click accept without really thinking about what they are giving system access to and for what reason.
And that folks, is why iOS should remain locked down tight :)
Score: 10 Votes (Like | Disagree)
Rigby Avatar
20 months ago

I assume this will be backported?
According to the post by JAMF it only affects MacOS 11. The security updates for Mojave ('https://support.apple.com/en-us/HT212531') and Catalina ('https://support.apple.com/en-us/HT212530') that also came out today do not list it.
Score: 8 Votes (Like | Disagree)
Guyferd Avatar
20 months ago

So how was it installed? The usual pirated software? Tricking users into downloading it as a fake utility or game?
OK just read the report by JAMF. So it piggybacks on fake Xcode projects, then requires the user to grant access through the Terminal and also through System Preferences. I'm glad this was found and dealt with, but it seems like it's a pretty weak exploit since nearly all of these behaviors should alert a user with more than 2 brain cells to stop the process
Score: 8 Votes (Like | Disagree)
TheYayAreaLiving ? Avatar
20 months ago
Thank you for the heads up. Hide your identity and yourself people!!!



Attachment Image
Score: 7 Votes (Like | Disagree)

Related Stories

macOS Big Sur Feature Blue

Apple Seeds Second Release Candidate Version of macOS Big Sur 11.5 to Developers

Monday July 19, 2021 10:40 am PDT by
Apple today seeded a second release candidate version of an upcoming macOS Big Sur 11.5 update to developers for testing purposes, with the new update coming one week after the release of the first RC version. Developers can download the ‌‌‌‌macOS Big Sur‌‌‌‌ 11.5 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple ...
macOS Big Sur Feature Blue

Apple Seeds Fourth Beta of macOS Big Sur 11.5 to Developers

Tuesday June 29, 2021 10:14 am PDT by
Apple today seeded the fourth beta of an upcoming macOS Big Sur 11.5 update to developers for testing purposes, with the new beta coming two weeks after the release of the third macOS Big Sur 11.5 beta. Developers can download the ‌‌‌‌macOS Big Sur‌‌‌‌ 11.5 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple...
General iOS 14

iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited

Monday July 26, 2021 11:55 am PDT by
Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild. Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report ...
macOS Big Sur Feature Blue

Apple Seeds Release Candidate Version of macOS Big Sur 11.5 to Developers

Tuesday July 13, 2021 10:19 am PDT by
Apple today seeded the release candidate version of an upcoming macOS Big Sur 11.5 update to developers for testing purposes, with the new beta coming one week after the release of the fifth macOS Big Sur 11.5 beta. Developers can download the ‌‌‌‌macOS Big Sur‌‌‌‌ 11.5 beta using the Software Update mechanism in System Preferences after installing the proper profile from the ...
macOS Big Sur Feature Orange

Apple Releases macOS Big Sur 11.5.2 With Bug Fixes

Wednesday August 11, 2021 10:17 am PDT by
Apple has released a new macOS Big Sur 11.5.2 update, delivering unspecified bug fixes for Mac users running the latest major operating system version. The update comes a little over two weeks after Apple released macOS 11.5.1. The new ‌‌‌‌‌‌‌macOS Big Sur‌‌‌‌‌‌ 11.5.2 update can be downloaded for free on all eligible Macs using the Software Update section of System ...
macOS Big Sur Feature Triad

Apple Releases macOS Big Sur 11.6.1 With Security Fixes

Tuesday October 26, 2021 12:53 am PDT by
Apple today released macOS Big Sur 11.6.1, a minor update to the macOS Big Sur operating system that first came out in November 2020. macOS Big Sur 11.6.1 comes roughly six weeks after the launch of macOS Big Sur 11.6. The new ‌‌‌‌‌‌‌macOS Big Sur‌‌‌‌‌‌ 11.6.1 update can be downloaded to all eligible Macs using the Software Update section of System Preferences....
macOS Big Sur Feature Triad

Apple Releases macOS Big Sur 11.5.1 With Security Updates

Monday July 26, 2021 10:20 am PDT by
Apple today released macOS Big Sur 11.5.1, a minor bug fix update that comes close to one week after the launch of macOS Big Sur 11.5. The new ‌‌‌‌‌‌macOS Big Sur‌‌‌‌‌ 11.5.1 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences. According to Apple, macOS Big Sur 11.5.1 brings important security updates and is...
macOS Big Sur Feature Triad

Apple Releases macOS Big Sur 11.6 With Security Fixes

Monday September 13, 2021 10:20 am PDT by
Apple today released macOS Big Sur 11.6, the sixth major update to the macOS Big Sur operating system that first launched in November 2020. macOS Big Sur 11.6 comes a month after the release of macOS Big Sur 11.5.2, a bug fix update. The new ‌‌‌‌‌‌macOS Big Sur‌‌‌‌‌ 11.6 update can be downloaded all eligible Macs using the Software Update section of System Preferences. ...

Popular Stories

iphone 14 pro hands snowflakes 1

Best Black Friday iPhone Deals Still Available

Wednesday November 23, 2022 1:55 pm PST by
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Black Friday 2022 is no different. Right now we're tracking notable offers on the iPhone 14 and iPhone 14 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like the iPhone 13. Note: MacRumors is an affiliate partner with some of these vendors....
apple watch gold ornaments

Best Black Friday Apple Watch Deals Still Available

Wednesday November 23, 2022 9:31 am PST by
We're tracking all of the best Apple product discounts for Black Friday this week, and the Apple Watch always makes a great gift around the holiday season, so you're guaranteed to find solid discounts right now. In this article, you'll discover the best Black Friday sales on Apple Watch Series 8, Apple Watch SE, and Apple Watch Ultra. Note: MacRumors is an affiliate partner with some of these...
new airpods lineup black friday

Best Black Friday AirPods Deals Still Available

Tuesday November 22, 2022 10:01 am PST by
Although we've been tracking Black Friday deals for a few weeks now, the shopping holiday is officially kicking off this week and we're highlighting the best sales for each of Apple's product lines. In this article, you'll find the best Black Friday sales on AirPods 2, AirPods 3, AirPods Pro, AirPods Pro 2, and AirPods Max. Note: MacRumors is an affiliate partner with some of these vendors....
ipad holiday bulbs

Best Black Friday iPad Deals Still Available

Thursday November 24, 2022 12:25 pm PST by
Black Friday deals have been in full swing for the better part of a month, and now that the shopping holiday is officially here we're seeing even more solid discounts on Apple devices. We're highlighting the best sales for all of Apple's product lines, and in this article you'll find the best Black Friday sales on iPad, iPad Pro, iPad Air, and iPad mini. Note: MacRumors is an affiliate partner ...
mac imac snowflakes

Best Black Friday iMac and MacBook Deals Still Available

Thursday November 24, 2022 1:07 pm PST by
Our Black Friday coverage continues today with the best deals you can find on MacBook Pro, MacBook Air, and iMac. As with all Black Friday deals, we aren't sure how long any of these will last, and prices are always fluctuating, so if you see something you want, be sure to buy it soon. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
General Black Friday Deals 2022 Green

All the Apple Black Friday Deals You Can Still Get

Friday November 25, 2022 4:40 am PST by
Although Black Friday is now technically over, many Apple products are still seeing major discounts. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet. Note: MacRumors is an affiliate partner with some of...
General Black Friday Deals 2022 Blue

All the Apple Black Friday Deals You Can Get Right Now: AirPods, Apple TV, Mac, iPad, and More

Saturday November 19, 2022 8:00 am PST by
Last week was jam-packed with early Black Friday deals, and now that the shopping holiday is right around the corner, we're going back through all of the best sales you might have missed over the past week and updating as prices change and new deals arrive. As with all holiday shopping, there's no guarantee that better prices won't come around later in the season, but if you want to shop early,...
Best Buy November Deals Hero

Best Buy Reveals Black Friday Plans With Sitewide Sales Available Now

Tuesday November 22, 2022 3:49 pm PST by
Following in the footsteps of Target and Walmart, Best Buy this week detailed its plans for the Black Friday shopping holiday and its schedule looks a lot like other retailers. In terms of sales, Best Buy has the expected list of TVs, appliances, video games, computers, streaming devices, and more. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...