Apple Patches macOS Zero-Day Bug Allowing Malware to Take Screenshots

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing.

A new report from TechCrunch explains that security researchers at Jamf, a security provider for Apple enterprise users, discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.

XCSSET used what at the time were two zero-days to infect Mac developers with malware that stole browser cookies and files; injected backdoors into websites; stole information from Skype, Telegram, and other installed apps; took screenshots; and encrypted files and showed a ransom note.

Researchers said they discovered this activity during an analysis of XCSSET carried out “after noting a significant uptick of detected variants observed in the wild.”

On Monday, researchers with Jamf said that XCSSET has been exploiting a zero-day that had gone undetected until recently. The vulnerability resided in the Transparency, Consent, and Control (TCC) framework, which requires user permission before an installed app can obtain system permissions to access the hard drive, microphone, camera, and other privacy- and security-sensitive resources.

XCSSET had been exploiting the vulnerability so it could bypass TCC protections and take screenshots without requiring user permission. Apple fixed CVE-2021-30713 on Monday with the release of macOS 11.4.

This is yet another case of malicious software slipping through macOS’ well-regarded security defenses. Apple isn’t happy about this: its head of software engineering, Craig Federighi, recently stated that the Cupertino giant has a “level of malware on the Mac that we don’t find acceptable.”