![]() ![]() While the malware discovered by Jamf researchers is only using this technique “specifically for the purpose of taking screenshots of the user’s desktop,” they warned that this is far from the only vulnerability it presents, since the technique can be used to inherit the system-wide permissions that have been granted to any app installed on a target’s Mac. In effect, this allows the malicious code to piggyback on the legitimate app, inheriting all of its permissions. However, when researchers dived further into the XCSSET malware, they discovered that it was also exploiting a previously unknown third zero-day vulnerability to bypass Apple’s TCC privacy framework - the system that prompts users for authorization to access things like your Mac’s screen, camera, microphone, and more. Once it finds one or more of these apps on the user’s system, the malware will build a custom AppleScript application - which further helps it to avoid detection - and then inject that into the “donor” application and then re-sign the app so that the built-in gatekeeper security in macOS won’t realize that the app has been changed.ĭubbed the XCSSET malware, it’s actually been around since last year, although originally, it was designed to harass developers by infecting their Xcode projects, stealing cookies, and abusing the development version of the Safari browser - all via two zero-day exploits that existed at the time. To be clear, this particular exploit requires another app to be running that already has been granted access to the user’s screen, however as Jamf’s researchers discovered, there’s already malware in the wild that’s been coded to take advantage of this flaw, and it’s clever enough to search out well-known apps that are usually granted screen-sharing permissions, such as Zoom, WhatsApp, and Slack. By leveraging an installed application with the proper permissions set, the attacker can piggyback off that donor app when creating a malicious app to execute on victim devices, without prompting for user approval. There’s actually a long list of fixes for zero-day vulnerabilities in this latest update, but the most significant was one highlighted by device management firm Jamf, which could allow Apple’s privacy protections to be bypassed to use an existing app to capture images from the screen without the user’s knowledge or authorization.Ī zero-day discovery allows an attacker to bypass Apple’s TCC protections which safeguard privacy. In terms of user-facing features, macOS Big Sur 11.4 adds the new Apple Podcast subscriptions and supports several new external GPUs, but what’s far more significant about this one is the patching of an important security vulnerability that could allow an attacker to take screenshots and screen recordings without your knowledge. Other names may be trademarks of their respective owners.Alongside this week’s release of iOS 14.6, which adds several interesting new features, Apple also quietly pushed out its latest point update to macOS Big Sur, and while the update is seemingly much more pedestrian in terms of features, there’s one important fix in there that should encourage you to download and install it ASAP. ![]() The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. Alexa and all related logos are trademarks of, Inc. App Store is a service mark of Apple Inc. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. ![]() Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Firefox is a trademark of Mozilla Foundation. or its affiliates in the United States and other countries. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.Ĭopyright © 2022 NortonLifeLock Inc. The Norton and LifeLock Brands are part of NortonLifeLock Inc. ![]()
0 Comments
Leave a Reply. |