What you need to know
- Apple's recent macOS Big Sur 11.4 release fixes a critical security bug.
- Attackers could have been able to take screenshots without the user knowing.
Apple's recent macOS Big Sur 11.4 release brought with it a fix for a critical security flaw that could have seen attackers able to take screenshots without the user being aware. Those same attackers could also have been able to record a user's screen, all by piggybacking off apps like Zoom amongst others.
The flaw itself was highlighted by device management outfit Jamf via a detailed blog post that goes into exactly what was going on and how attackers could have exploited the flaw. That flaw allowed an attacker to bypass key macOS privacy settings, allowing Full Disk Access and other permissions that would normally require a user's consent.
In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent — which is the default behavior. We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild.
The news that the exploit had been used isn't great, but Apple has now fixed the issue and as ever we'd suggest making sure that you update to the latest available build of macOS to make sure you're fully protected. You can also read more about the ins and outs of what went down over in that Jamf blog post, too.
Now that another security flaw has been fixed, why not check out some of the best iMac deals and treat yourself to one of those gorgeous, colorful computers?