Update to macOS 11.4 NOW - Someone Could Be Spying On You
Jamf, a mobile device management company, raised a major security issue in macOS Big Sur that allowed attackers to piggyback on apps like Zoom to surreptitiously take screenshots and record the screen. The exploit allowed a user's Privacy preferences to be bypassed, giving an attacker Full Disk Access, Screen Recording capability, and other permissions without consent.
The security bypass, which has apparently been actively used to attack users' systems, was discovered by Jamf while analyzing XCSSET malware. This malware targeted Mac developers by infecting Xcode projects so that it could be further spread through GitHub repositories to expand its reach. The XCSSET malware has been out in the wild since last year, but Jamf noticed a recent uptick in its activity and discovered this new permission-related variant.
Once installed on a victim's system, the malware can be used to take screenshots of the user's screen without the need for additional permissions. Jamf said that it could be used to bypass other permissions as well, as long as the donor application the malware piggybacked on had that particular permission enabled.
Jamf has published a full rundown on how the exploit works, and the company says that Apple addressed the zero-day vulnerability in macOS Big Sur 11.4. Apple has since confirmed to TechCrunch that a fix has indeed been enacted in macOS 11.4, so Mac users should update their software as soon as possible to avoid being victimized.