
Scary new malware secretly takes screenshots of macOS computers, but there’s a fix

Published May 25th, 2021 5:56PM EDT


At this point, we are running out of ways to tell you to keep all of your software up to date on every device you own, but yet another major vulnerability has been uncovered, so we’ll say it again anyway: Update every piece of software on all of your devices.

We felt the need to issue this alert again because Apple this week patched a zero-day exploit in macOS Big Sur with the 11.4 update that reportedly could have allowed hackers to secretly take screenshots of your computer screen without your permission. As the security researchers at the software company Jamf explained in a blog post, the scary exploit (CVE-2021-30713) bypassed Apple’s Transparency, Consent, and Control (TCC) framework, which controls the resources that an application has access to, such as giving webcam and microphone access to Zoom.

“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” Jamf said. “We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.”

Trend Micro first uncovered the XCSSET malware last August, explaining at the time that the attackers were injecting malicious code into Xcode projects that were then uploaded to GitHub. End users would then download the projects, and the malware would spread onto their Macs.

Needless to say, a bad actor having the same access to your computer as trusted apps such as Zoom or Slack could be incredibly dangerous for macOS users. The good news is that Apple addressed the issue, but you need to download macOS Big Sur 11.4 if you want to ensure that your computer is safe from the exploit. It’s also worth noting that the new M1 Mac computers are vulnerable to the XCSSET malware if they aren’t up to date with the latest operating system version available from Apple.

If you want to update the software on your Mac, go to the Apple menu, click on System Preferences, and then click Software Update to check for the latest updates. If any updates are available, you will see an Update Now button which you can click to begin the installation process.
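For checking a Mac from the terminal instead of System Preferences, the following shell script classifies a macOS version string against the 11.4 fix mentioned above. It is an added example, not code from Jamf, Apple or this article; the function name and the status words it prints are made up for illustration.

```shell
#!/bin/sh
# Added example: classify a macOS version against the Big Sur 11.4 fix.
# classify_macos_version is a hypothetical helper name.
# Prints one of: patched, needs-update, not-covered, invalid.
classify_macos_version() {
    ver=$1
    # Accept only dotted numeric versions such as 11.4 or 11.3.1.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then
        minor=0                      # a bare "11" is treated as 11.0
    else
        minor=${rest%%.*}
    fi
    if [ "$major" -gt 11 ]; then
        echo patched                 # releases newer than Big Sur
    elif [ "$major" -eq 11 ]; then
        # Numeric comparison, so a two-digit minor sorts after 4.
        if [ "$minor" -ge 4 ]; then
            echo patched
        else
            echo needs-update
        fi
    else
        echo not-covered             # the article only names the Big Sur fix
    fi
}

# On a Mac, sw_vers reports the installed version; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    installed=$(sw_vers -productVersion)
    echo "macOS $installed: $(classify_macos_version "$installed")"
fi
```

A result of `not-covered` means the version predates Big Sur, which this article does not address.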

Jacob Siegal