macOS Big Sur 11.4 Addresses Vulnerability That Could Let Attackers Take Secret Screenshots
macOS Big Sur 11.4, which was released this morning, addresses a zero-day vulnerability that could allow attackers to piggyback off of apps like Zoom, taking secret screenshots and surrepetiously recording the screen.
Jamf, a mobile device management company, today highlighted a security issue that allowed Privacy preferences to be bypassed, providing an attacker with Full Disk Access, Screen Recording, and other permissions without a user's consent.
The bypass was actively exploited in the wild, and was discovered by Jamf when analyzing XCSSET malware. The XCSSET malware has been out in the wild since 2020, but Jamf noticed an uptick in recent activity and discovered a new variant.
Once installed on a victim's system, the malware was used specifically for taking screenshots of the user's desktop with no additional permissions required. Jamf said that it could be used to bypass other permissions as well, as long as the donor application the malware piggybacked off of had that permission enabled.
Jamf has a full rundown on how the exploit worked, and the company says that Apple addressed the vulnerability in macOS Big Sur 11.4, Apple confirmed to TechCrunch that a fix has indeed been enabled in macOS 11.4, so Mac users should update their software as soon as possible.
Related Stories
Apple today released macOS Big Sur 11.2, the second major update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2 comes more than a month after the release of macOS Big Sur 11.1.
The new macOS Big Sur 11.2 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences.
According to Apple's...
Apple today seeded the second beta of an upcoming macOS Big Sur 11.4 update to developers for testing purposes, with the new beta coming two weeks after the release of the first macOS Big Sur 11.4 beta.
Developers can download the macOS Big Sur 11.4 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple Developer...
Apple today seeded the first public betas of iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to public beta testers, one day after seeding first betas to developers.
Public beta testers who have signed up for the beta testing program can download the iOS and iPadOS 14.7 updates over the air after installing the proper certificate from the Public Beta website on an iOS device. macOS Big Sur...
Alongside iOS 14.5.1 and watchOS 7.4.1, Apple today also released macOS Big Sur 11.3.1, which the company says "provides important security updates".
According to the full security notes for the release, it addresses a memory corruption issue and an integer overflow in WebKit that could both be exploited using maliciously crafted web content. Apple says it aware of a report that these issues ...
A sudo bug that can grant an attacker root access has been discovered to affect macOS Big Sur (via ZDNet).
The security vulnerability, identified last week as "CVE-2021-3156" by the Qualys Security Team, affects sudo, which is a program that allows users to run commands with the security privileges of another user, such as an administrator. The bug triggers a "heap overflow" in sudo that...
Apple today seeded the first beta of an upcoming macOS Big Sur 11.4 update to developers for testing purposes, with the new beta coming while the macOS 11.3 beta is still in testing. Developers can download the macOS Big Sur 11.4 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple Developer Center.
According...
Apple's recently released macOS Big Sur 11.4 update addresses a serious security vulnerability, so all users should complete the software update immediately.
Jamf, a mobile device management company, raised a major security issue in macOS Big Sur that allowed attackers to piggyback apps like Zoom to surreptitiously take screenshots and record the screen. The exploit allowed a user's Privacy...
Apple today released macOS Big Sur 11.4, the fourth major update to the macOS Big Sur operating system that launched in November 2020. macOS Big Sur comes one month after the release of macOS Big Sur 11.3, an update that added M1 optimizations, AirTag integration, and more.
The new macOS Big Sur 11.4 update can be downloaded for free on all eligible Macs using the...
Apple today seeded a third RC version of an upcoming macOS Big Sur 11.2 update to developers for testing purposes, with the new update coming a week after the second RC and more than two months after initial macOS Big Sur release.
Developers can download the updated macOS Big Sur 11.2 release candidate using the Software Update mechanism in System Preferences after installing the ...
Apple today released macOS Big Sur 11.2.3, the fifth update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2.3 comes two weeks after the release of macOS 11.2.2, a bug fix update.
The new macOS Big Sur 11.2.3 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences.
Apple...
Top Rated Comments
PSA: The SSD disk write issues have been fixed in 11.4 which came out today. The person who found the issue in first place says it was a result of a kernel bug and he also says 11.4 addresses the issue.
Update to 11.4 if your on M1 macs.
Users on this thread also report lower disk writes on 11.4.
[MEDIA=twitter]1396374313591140357[/MEDIA]