Quote:Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing.
Apple addressed the vulnerability—discovered by researchers at enterprise cybersecurity firm Jamf— in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.
Researchers said they discovered that the XCSSET spyware was using the vulnerability, tracked as CVE-2021-30713, “specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions,” according to a post on the Jamf blog.“This activity was discovered during analysis of XCSSET that they made “after noting a significant uptick of detected variants observed in the wild,” researchers said. Apple so far has not provided specific details about the vulnerability in its entry in the CVE database.
The flaw works by bypassing the Transparency Consent and Control (TCC) framework, which controls what resources applications have access to, “such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings,” according to the Jamf post.
“The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent–which is the default behavior,” researchers said.
Read more: Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
