A bug in macOS allowed malware to take screenshots without notifying the user. Apple fixed that security flaw recently in its new update.
The zero-day in macOS Big Sur could allow an attacker to bypass Apple’s Consent and Control Framework and Transparency, that’s what some of the software company’s team, Jamf, detected.
The unusual bug detected for Macs, forced the US company, Apple to make certain security updates that affected in addition to macOS Big Sur, tvOS.
“Apple is aware of a report that this issue was actively exploited,” reads the tech giant’s security bulletin describing the flaws in macOS Big Sur and tvOS, respectively.
Details of Apple’s bug
The malware makes its way into the device piggybacks on legitimate apps “that already have the permissions to take screenshots or record the screen (think Zoom) without requiring user consent.”
“The detection team observed that once installed on the victim’s system, XCSSET was using this bypass specifically to take screenshots of the user’s desktop without requiring additional permissions,” said the software company, Jamf.
In addition to this flaw fixed by Apple, other security aspects linked to Apple TV vulnerabilities were also updated. Both vulnerabilities of the Apple were exploited by a threat actor using maliciously crafted web content and potentially lead to arbitrary code execution.