Apple, the US tech giant, has patched a security bug in macOS. The XCSSET malware could take screenshots of a user's activity without their knowledge.
According to the report, researchers at Jamf, an enterprise cybersecurity company, discovered the critical issue. Hackers could use the malware to exploit it during video conferences or in various applications.
The malware doesn't require the user's permission to do so.
Jamf used macOS Big Sur 11.4 to unearth the CVE-2021-30713 vulnerability.
In a blog post, the company claims: “We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild.”
It could go undetected by users for a long time since it doesn't require any special permission to launch. It stealthily avoids the Transparency, Consent, and Control (TCC) framework, which flags suspicious activity affecting user privacy. Examples include keystroke recording (keylogging) or taking photos.
Jamf explained further that the spyware exploits apps that you've previously permitted to carry out certain activities. For instance, it could create another application within conferencing software like Zoom without any approval.
So far, taking screenshots is all that the malware can do. Hackers, however, could record audio or pilfer files if the problem goes unchecked.
Apple still hasn’t addressed the issue on the CVE database.
What To Do?
Cyber threats are on the rise. Just last year, XCSSET coders used Xcode to exploit unpatched vulnerabilities. Shlayer, the bug that bypassed quarantine and Gatekeeper, is also not to be underestimated.
Users should update their macOS with the latest security patches, and get an anti-malware solution like MacKeeper for an extra layer of security.
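For defenders who want to check for the behaviour described above, where the malware creates another application inside an already-permitted app such as Zoom, the following added example (not code from Jamf or Apple) lists app bundles nested in unexpected places inside other app bundles. The list of expected helper locations is an assumption, and the bundle names in the sample tree are constructed.

```python
import os

# Assumption (not from the article): sub-directories of Contents/ where
# legitimate apps commonly keep helper bundles. Tune for your own fleet.
EXPECTED_PARENTS = {"Frameworks", "Helpers", "Library", "PlugIns",
                    "Resources", "XPCServices"}


def find_unexpected_nested_apps(root):
    """Return sorted (host_app, nested_app) paths, relative to root, for .app
    bundles that sit inside another .app outside the expected locations."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):  # symlinks not followed
        for name in dirnames:
            if not name.endswith(".app"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            parts = rel.split(os.sep)
            hosts = [i for i, p in enumerate(parts[:-1]) if p.endswith(".app")]
            if not hosts:
                continue  # top-level application, not nested
            inner = parts[hosts[-1] + 1:-1]  # path between host and nested app
            if (len(inner) < 2 or inner[0] != "Contents"
                    or inner[1] not in EXPECTED_PARENTS):
                findings.append((os.sep.join(parts[:hosts[-1] + 1]), rel))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed directory tree (hypothetical bundle names)."""
    for rel in (
        "Conference.app/Contents/MacOS/hidden.app/Contents/MacOS",
        "Conference.app/Contents/Frameworks/Helper.app/Contents/MacOS",
        "Notes.app/Contents/Library/LoginItems/Launcher.app/Contents/MacOS",
        "Plain.app/Contents/MacOS",
    ):
        os.makedirs(os.path.join(base, *rel.split("/")))


if __name__ == "__main__":
    for host, nested in find_unexpected_nested_apps("/Applications"):
        print(f"review: {nested} (inside {host})")
```

A hit is a prompt for review, not proof of infection; some legitimate software may place helpers outside the assumed locations.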