Until today, malicious hackers have been exploiting a vulnerability in the latest macOS, allowing access to the microphone, webcam, recording the screen, or even taking screenshots on infected Macs. All of this happens without the user knowing or granting permission.
This scary attack is finally getting patched with the latest macOS 11.4 update released on May 24th, 2021. If you haven’t already, update your machine today, then get an antivirus app.
The zero-day was exploited by XCSSET, a piece of nasty malware discovered by security firm Trend Micro last August. XCSSET used what at the time were two zero-days aimed at developers, specifically their Xcode projects, which then got passed on to regular users.
Initially, the researchers didn’t know how far the vulnerability went. However, new reports claim the malware also exploits a third zero-day to take screenshots of the victim’s screen secretly. None of this is good news, that’s for sure.
macOS is supposed to ask the user for permission before any app can record the screen, access the microphone, or access storage. Unfortunately, this sneaky malware can bypass that prompt completely by jumping into legitimate apps.
At this point, it’s not clear how many Macs are infected, but in a statement to TechCrunch, Apple confirmed that the exploit is no longer an issue in the latest version, the macOS Big Sur 11.4 update. Keep in mind that this mostly targeted developer machines and not regular users.
Either way, we’ll say it one more time, update your Mac.