Apple patches screenshot-grabbing security exploit

Posted on Tuesday, May 25 2021 @ 11:53 CEST by Thomas De Maesschalck
Apple rolled out a security update for a zero-day vulnerability (CVE-2021-30713) that malware used to bypass macOS privacy protections. A piece of malware named XCSSET abused the vulnerability to take screenshots of infected Mac computers without user permission. Apple fixed the vulnerability in macOS 11.4, which was published yesterday.

The malware exploited vulnerabilities in Xcode, via malicious projects, so it exclusively targeted software developers.
On Monday, researchers with Jamf, a security provider for Apple enterprise users, said that XCSSET has been exploiting a zeroday that had gone undetected until recently. The vulnerability resided in the Transparency Consent and Control framework, which requires explicit user permission before an installed app can obtain system permissions to access the hard drive, microphone, camera, and other privacy- and security-sensitive resources.

XCSSET had been exploiting the vulnerability so it could bypass TCC protections and take screenshots without requiring user permission. Apple fixed CVE-2021-30713 (as the vulnerability is tracked) on Monday with the release of macOS 11.4.
Full details at Ars Technica.
