Apple has just fixed a zero-day vulnerability for macOS Big Sur 11.4. Earlier proofs of concept showed that attackers can secretly intercept screens or record videos by hijacking the permissions of existing applications. The Jamf security researchers first to expose the matter said: In order to control which system functions applications can access, Apple specifically implemented a “transparent permission and control” framework in macOS, but the zero-day vulnerability still opened the door for such attacks.
To make matters worse, Jamf pointed out that the vulnerability appears to have been actively exploited in the wild. They discovered the flaw while studying the Mac malware named XCSSET. It is known that XCSSET used the infected Xcode project to make macOS developers lie down.
After using this vulnerability to hijack the permissions of other applications, the malware will enable the attacker to achieve many purposes, such as hooking into the Zoom cloud video conferencing software with video recording permissions. However, only when the vulnerability is used to take screenshots, it will be noticed by users.
Fortunately, Apple has released this vulnerability patch for macOS Big Sur 11.4 this Monday. At the same time, macOS Mojave and Catalina also ushered in two security updates.
Apple emphasized in a statement to Forbes that the vulnerability only affects users who download applications through channels other than the official Mac App Store.
Earlier, Craig Federighi, Apple’s head of software engineering, also stated in his testimony in the Epic v. App Store case that the situation of malware on the Mac platform is unacceptable compared to iOS mobile devices.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.