Apple Reported a Bug That Allowed Malware to Record Mac's Screen

Mac users recently learned that hackers might have silently taken screenshots of their laptop desktops, jeopardizing their privacy.

On the flip side, Apple has just rolled out a fix for this bug.

In an official notice, Apple said it has released security updates for macOS to patch a flaw in its privacy preferences that “may have been actively exploited.” Apple said the bug allowed malicious apps to record a Mac’s screen.

The large update addressed 73 vulnerabilities. The one we focus on in this post is tracked as CVE-2021-30713 and was found in the Mac’s Transparency, Consent, and Control (TCC) framework; by exploiting it, malware could bypass system privacy controls.

“Apple is aware of a report that this issue may have been actively exploited,” the company said.

You have seen TCC in action whenever it showed dialog prompts about security- and privacy-sensitive actions, such as an app recording the screen or requesting access to the webcam or microphone.

According to a report issued by security firm Jamf, the bypass is being actively exploited by the XCSSET malware.

“The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions,” the firm’s researchers said.

In line with this, in August, Trend Micro reported that XCSSET was targeting Mac developers via infected Xcode projects. The malware abuses an app by attempting to inherit its permissions.

“During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either. Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app,” Jamf noted. “The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent – which is the default behavior.”

About the author

CIM Team