macOS 11.4 patches zero-day exploit that let malware take unintended screenshots

Apple today released macOS Big Sur 11.4, which comes with expanded support for external GPUs, bug fixes in Safari, and more. However, this update also makes the system more secure as it patches an exploit that let malware take screenshots without the user’s knowledge.

As reported by Jamf, an Apple-focused mobile device management company, the XCSSET malware was using an exploit to take screenshots of Mac computers without asking for any permission. The malware targeted Mac developers and mainly infected Xcode projects, which were later shared on platforms such as GitHub.

Although it was only taking unintended screenshots, the XCSSET malware also had the power to let the attacker access the disk and record the Mac screen, which could lead to even more serious damage. Interestingly enough, the malware was written in AppleScript so that it could run on macOS without being detected.

Much of the time the malware author leverages AppleScripts in their attack chain due to the facility in which it handles many bash commands, even downloading and/or executing Python scripts in an effort to obfuscate their intentions through a confusing use of various scripting languages.

Apple confirmed in a statement to TechCrunch that the exploit has been fixed with the latest version of macOS — which is macOS Big Sur 11.4. If you haven’t updated your Mac yet, you can do so now by going to the System Preferences app and clicking on the Software Update option.

Author: Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.
