Researchers from software company Jamf have reported that the XCSSET malware has been exploiting a newly discovered zero-day vulnerability that allows it to bypass macOS security defenses and take screenshots without the user's permission.
Previously discovered zero-days are used by the malware to steal cookies from the Safari browser to access victim's online accounts and to install a development version of Safari.
The malware was able to bypass macOS permissions by injecting malicious code into legitimate apps, like Zoom, WhatsApp, and Slack, then inheriting the permissions of the legitimate app across macOS.
The researchers said the malware also could be used to access microphones and webcams or capture users' keystrokes.
Apple has released macOS 11.4 to fix the bug.
From Tech Crunch
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found