A newly discovered flaw in the macOS operating system could allow intruders to take screenshots, record video, or access files on a hard drive without the machine owner’s knowledge.
A report from cybersecurity research firm Jamf says the bypass performs an end-run around a privacy feature known as Transparency Consent and Control, which controls the resources applications have access to, as a privacy safeguard. (This is the feature that asks for a user’s permission when an app wants access to the camera or microphone, for example.)
A type of malware, dubbed XCSSET, which was first discovered last year, has found a way to use permissions obtained by other apps to bypass TCC, giving it broad access to infected Macs.
“The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions,” Jamf wrote.
That’s especially troublesome in an environment where people are working from home and using their Macs for activities such as Zoom calls, which can be especially vulnerable. In one example Jamf illustrated, the malware was able to hook into Zoom and record the user’s screen without any sort of prompt.
Apple already has issued a patch to keep XCSSET from using this vulnerability and is encouraging anyone running macOS 11.4 or later to download it immediately.
This isn’t the first security issue for Apple this year. Security experts sounded a warning that a feature tied with AirDrop could put the personal information of 1.5 billion users at risk in April. And earlier this month, the company’s data policies in China came under scrutiny.
Our mission to make business better is fueled by readers like you. To enjoy unlimited access to our journalism, subscribe today.