Click to Skip Ad
Closing in...
  1. Mattress Topper Amazon
    14:52 Deals

    35,000 Amazon shoppers gave this mattress topper 5 stars – get one for $34 today

  2. Amazon Deals
    07:55 Deals

    10 deals you don’t want to miss on Saturday: Alexa in your car for $19.99, $200 Chro…

  3. Amazon Gift Card Promotion
    11:46 Deals

    How you can get $15 from Amazon right now for free

  4. Amazon Echo Auto Price
    13:16 Deals

    Add hands-free Alexa to your car for $19.99 with this Amazon deal

  5. MacBook Pro 2021 Price
    16:34 Deals

    Amazon slashed $200 off Apple’s M1 MacBook Pro, or get a MacBook Air for $899




Scary new malware secretly takes screenshots of macOS computers, but there’s a fix

May 25th, 2021 at 5:56 PM
Apple malware

At this point, we are running out of ways to tell you to keep all of your software up to date on every device you own, but yet another major vulnerability has been uncovered, so we’ll say it again anyway: Update every piece of software on all of your devices.

The reason we felt the need to issue this alert again is because Apple patched a zero-day exploit in macOS Big Sur with the 11.4 update this week that reportedly could have allowed hackers to secretly take screenshots of your computer screen without your permission. As the security researchers at the software company Jamf explained in a blog post, the scary exploit (CVE-2021-30713) bypassed Apple’s Transparency Consent and Control (TCC) framework, which controls the resources that an application has access to, such as giving webcam and microphone access to Zoom.

Today's Top Deal Control your garage door from anywhere with your smartphone or Alexa! List Price:$29.98 Price:$21.99 You Save:$7.99 (27%) Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” Jamf said. “We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.”

Trend Micro first uncovered the XCSSET malware last August, explaining at the time that the attackers were injecting malicious code into Xcode projects that were then uploaded to Github. End users would then download the projects and the malware would spread on to their Macs.

Needless to say, a bad actor having the same access to your computer as trusted apps such as Zoom or Slack could be incredibly dangerous for macOS users. The good news is that Apple addressed the issue, but you need to download macOS Big Sur 11.4 if you want to ensure that your computer is safe from the exploit. It’s also worth noting that the new M1 Mac computers are vulnerable to the XCSSET malware if they aren’t up to date with the latest operating system version available from Apple.

If you want to update the software on your Mac, go to the Apple menu, click on System Preferences, and then click Software Update to check for the latest updates. If any updates are available, you will see an Update Now button which you can click to begin the installation process.

Today's Top Deal Amazon's #1 best-selling portable Bluetooth speaker is down to the lowest price of 2021! List Price:$34.99 Price:$22.09 You Save:$12.90 (37%) Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.




Popular News