Apple Mac users have been advised to update their macOS today as hackers have been exploiting ... [+]  another vulnerability in the operating system,

Update Your Mac Now: Nasty Hack Breaks Apple Security To Take Sneaky Photos

submited by
Style Pass
2021-05-24 20:30:07

Apple Mac users have been advised to update their macOS today as hackers have been exploiting ... [+] another vulnerability in the operating system, one that could lead to surreptitious snaps via people's webcams or sneaky recordings through the microphone. (Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

It’s time to update your Apple Mac again, as malware that secretly takes screenshots has been spotted exploiting a serious weakness in macOS security. The flaw could be abused to record video or access files on Macs too, making patching more urgent.

The discovery was made by cybersecurity company Jamf during research into the XCSSET malware, first discovered in 2020. The hackers who created the spyware discovered they could get around a macOS privacy feature known as Transparency Consent and Control. The TCC is the feature that raises a flag when an app is doing something that might affect users’ privacy, such as taking photos or recording keystrokes, asking for explicit permission from the user before any action is taken. The malware coders found a way to hijack other apps’ permissions, ones that have already been approved by the user.

For instance, according to Jamf, the malware could create an app within Zoom, the hugely popular videoconferencing app, that would secretly record what’s happening on the screen. Because the malicious app effectively hooked into Zoom, which already had permission to carry out the screen recording, no prompt warning about the action would land on the Mac users’ screen, according to Jamf. Thus far the hackers have only been seen abusing the flaw to take screenshots, but the same exploit could be abused to pilfer files, record audio over the microphone or take images via the Mac’s camera, Jamf said.

Leave a Comment