Sign In

Communications of the ACM

ACM TechNews

Malware Caught Using macOS Zero-Day to Secretly Take Screenshots


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A hacked image on a smartphone.

Mac users will want to update to the latest version of Mac OS as soon as possible, as the update patches a security flaw that allows hackers to secretly take screenshots of your computer screen.

Credit: safeguarde.com

Researchers from software company Jamf have reported that the XCSSET malware has been exploiting a newly discovered zero-day vulnerability that allows it to bypass macOS security defenses and take screenshots without the user's permission.

Previously discovered zero-days are used by the malware to steal cookies from the Safari browser to access victim's online accounts and to install a development version of Safari.

The malware was able to bypass macOS permissions by injecting malicious code into legitimate apps, like Zoom, WhatsApp, and Slack, then inheriting the permissions of the legitimate app across macOS.

The researchers said the malware also could be used to access microphones and webcams or capture users' keystrokes.

Apple has released macOS 11.4 to fix the bug.

From Tech Crunch
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found