Click to Skip Ad
Closing in...
  1. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  2. MyQ Smart Garage Door Opener
    11:06 Deals

    Unreal Prime Day deal gets you a MyQ smart garage opener and a $40 Amazon credit for $17

  3. Prime Day Deals
    09:47 Deals

    Did someone forget to end these 15 epic Prime Day deals?

  4. Roomba Prime Day Deals
    21:34 Deals

    Robot vacuums start at $90 for Prime Day, or get a Roomba for $200

  5. Prime Day 2021 Deals
    10:22 Deals

    Amazon just revealed its official list of Prime Day 2021 best-sellers

Scary new malware secretly takes screenshots of macOS computers, but there’s a fix

May 25th, 2021 at 5:56 PM
Apple malware

At this point, we are running out of ways to tell you to keep all of your software up to date on every device you own, but yet another major vulnerability has been uncovered, so we’ll say it again anyway: Update every piece of software on all of your devices.

The reason we felt the need to issue this alert again is because Apple patched a zero-day exploit in macOS Big Sur with the 11.4 update this week that reportedly could have allowed hackers to secretly take screenshots of your computer screen without your permission. As the security researchers at the software company Jamf explained in a blog post, the scary exploit (CVE-2021-30713) bypassed Apple’s Transparency Consent and Control (TCC) framework, which controls the resources that an application has access to, such as giving webcam and microphone access to Zoom.

Today's Top Deal Amazon forgot to end this #1 best-selling Prime Day deal — now just $17! List Price:$29.98 Price:$16.98 You Save:$13.00 (43%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” Jamf said. “We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.”

Trend Micro first uncovered the XCSSET malware last August, explaining at the time that the attackers were injecting malicious code into Xcode projects that were then uploaded to Github. End users would then download the projects and the malware would spread on to their Macs.

Needless to say, a bad actor having the same access to your computer as trusted apps such as Zoom or Slack could be incredibly dangerous for macOS users. The good news is that Apple addressed the issue, but you need to download macOS Big Sur 11.4 if you want to ensure that your computer is safe from the exploit. It’s also worth noting that the new M1 Mac computers are vulnerable to the XCSSET malware if they aren’t up to date with the latest operating system version available from Apple.

If you want to update the software on your Mac, go to the Apple menu, click on System Preferences, and then click Software Update to check for the latest updates. If any updates are available, you will see an Update Now button which you can click to begin the installation process.

Today's Top Deal How is this Windows 10 laptop & 128GB microSD bundle only $219.99?! List Price:$249.99 Price:$219.99 You Save:$30.00 (12%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.

Popular News