Apple patches macOS vulnerability exploited to bypass security defenses
Apple Inc. today released a security update for macOS Big Sur 11.4 to address a vulnerability that was being exploited to bypass macOS security defenses.
The vulnerability traces back to a discovery made by researchers at Trend Micro Inc. in August that found a form of malware dubbed XCSSET targeting Xcode projects. Further digging by researchers at Jamf found that a related, unpatched vulnerability was now being exploited to take screenshots secretly on Macs.
Using the vulnerability, hackers can get around a macOS privacy feature called Transparency, Consent and Control. TCC is designed to flag when an app is partaking in an activity that may affect a user’s privacy, such as taking photos or recording keystrokes. The feature asks users for permission before any such action is taken, and this is where the issue occurs.
Through the vulnerability, hackers can leverage an installed application that already has permissions set, piggybacking on that donor app when creating a malicious app. As a result, TCC doesn’t prompt the user for approval.
In an example given, hackers could create a malicious app within Zoom that would secretly record what was happening on the screen. Because the malicious app gained access permission from Zoom, the user would be none the wiser to the malware operating on the computer.
The Jamf researchers noted that the vulnerability has been exploited in the wild, but so far only to take screenshots; they add that the same vulnerabilities could also be exploited to record video and access files.
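A defender's check for the pattern described above, an app bundle placed inside an installed donor app, as an added example that is not code from Apple, Jamf or Trend Micro. The heuristic (flag a nested bundle that has no `_CodeSignature` directory or whose bundle identifier does not share the parent's vendor prefix) and all bundle names and identifiers in the demo are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

def bundle_id(app):
    """Return CFBundleIdentifier from an .app bundle's Info.plist, or None."""
    try:
        with (app / "Contents" / "Info.plist").open("rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except Exception:  # missing, unreadable or malformed plist
        return None

def vendor_prefix(identifier):
    """First two reverse-DNS labels, e.g. 'com.example' from 'com.example.app'."""
    return ".".join(identifier.split(".")[:2]) if identifier else None

def suspicious_nested_apps(root):
    """List (nested_app, reason) for bundles embedded inside top-level apps.
    Checks directory presence only; on a Mac confirm with `codesign --verify`."""
    findings = []
    for parent in sorted(Path(root).glob("*.app")):
        parent_prefix = vendor_prefix(bundle_id(parent))
        for nested in sorted(p for p in parent.rglob("*.app") if p.is_dir()):
            if not (nested / "Contents" / "_CodeSignature").is_dir():
                findings.append((nested, "unsigned nested bundle"))
            elif vendor_prefix(bundle_id(nested)) != parent_prefix:
                findings.append((nested, "bundle id differs from parent vendor"))
    return findings

def make_bundle(path, identifier, signed):
    """Create a minimal constructed .app bundle for the demo (not a real app)."""
    contents = path / "Contents"
    contents.mkdir(parents=True)
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": identifier}, fh)
    if signed:
        (contents / "_CodeSignature").mkdir()

def demo():
    """Scan constructed sample bundles; returns {bundle name: reason}."""
    with tempfile.TemporaryDirectory() as tmp:
        donor = Path(tmp) / "Donor.app"
        make_bundle(donor, "com.example.donor", True)
        make_bundle(donor / "Contents/Frameworks/Helper.app", "com.example.donor.helper", True)
        make_bundle(donor / "Contents/MacOS/Dropped.app", "com.example.donor.x", False)
        make_bundle(donor / "Contents/Resources/Other.app", "org.sample.other", True)
        return {p.name: why for p, why in suspicious_nested_apps(tmp)}

if __name__ == "__main__":
    print(demo())
```

On a Mac, point `suspicious_nested_apps` at `/Applications`; legitimate apps can trip the vendor-prefix heuristic, so treat findings as leads to review rather than verdicts.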
Apple released a patch for macOS Big Sur 11.4 today along with a range of other security updates. Apple described the impact as “a malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.” The fix is described as “a permissions issue was addressed with improved validation.”
The patch was one of 58 separate listings in the macOS Big Sur 11.4 security update, some of which cover multiple Common Vulnerabilities and Exposures entries.