Skip to main content

macOS Big Sur 11.4 fixes bug that could see secret screenshots taken

16-inch MacBook Pro vs. 13-inch vs. Air
16-inch MacBook Pro vs. 13-inch vs. Air (Image credit: Rene Ritchie / iMore)

What you need to know

  • Apple's recent macOS Big Sur 11.4 release fixes a critical security bug.
  • Attackers could have been able to take screenshots without the user knowing.

Apple's recent macOS Big Sur 11.4 release brought with it a fix for a critical security flaw that could have seen attackers able to take screenshots without the user being aware. Those same attackers could also have been able to record a user's screen, all by piggybacking off apps like Zoom amongst others.

The flaw itself was highlighted by device management outfit Jamf via a detailed blog post that goes into exactly what was going on and how attackers could have exploited the flaw. That flaw allowed an attacker to bypass key macOS privacy settings, allowing Full Disk Access and other permissions that would normally require a user's consent.

In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user's explicit consent — which is the default behavior. We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild.

The news that the exploit had been used isn't great, but Apple has now fixed the issue and as ever we'd suggest making sure that you update to the latest available build of macOS to make sure you're fully protected. You can also read more about the ins and outs of what went down over in that Jamf blog post, too.

Now that another security flaw has been fixed, why not check out some of the best iMac deals and treat yourself to one of those gorgeous, colorful computers?

Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.