Mac users recently learned that hackers might have silently taken screenshots of their laptop desktops, jeopardizing their privacy.
The good news is that Apple has just rolled out a fix for this bug.
In an official notice, Apple said it has released security updates for macOS to patch a flaw in its privacy preferences that “may have been actively exploited.” Apple said the bug allowed malicious apps to record a Mac’s screen.
The large update addressed 73 vulnerabilities. The one we focus on in this post, tracked as CVE-2021-30713, was found in the macOS Transparency, Consent, and Control (TCC) framework; by exploiting it, malware could bypass system privacy controls.
“Apple is aware of a report that this issue may have been actively exploited,” the company said.
You have seen TCC in action whenever it shows dialog prompts about security- and privacy-sensitive actions, such as an app recording the screen or requesting access to the webcam or microphone.
According to a report from the security firm Jamf, the bypass is being actively exploited by the XCSSET malware.
“The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions,” the firm’s researchers said.
Earlier, in August, Trend Micro reported that XCSSET was targeting Mac developers via infected Xcode projects. The malware abuses an existing app by attempting to inherit its permissions.
“During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either. Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app,” Jamf noted. “The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent – which is the default behavior.”