To date, malicious hackers are exploiting a vulnerability in the latest macOS, allowing them to access the microphone, webcam, record the screen, or even take screenshots on infected Macs. All this happens without the user knowing or giving consent.
This scary attack is finally being patched with the latest macOS 1
The zero-day was exploited by XCSSET, a piece of nasty malware discovered by security firm Trend Micro last August. XCSSET used what were two zero-days at the time targeting developers, specifically their Xcode projects, which were then passed on to regular users.
Initially the researchers did not know how far the vulnerability went. However, new reports claim that the malware is also exploiting a third zero-day to secretly take screenshots of the victim’s screen. None of this is good news, that’s for sure.
macOS must ask the user for permission before an app can record the screen, access the microphone, or access storage. Unfortunately, this sneaky malware can bypass that prompt completely by hopping into legitimate apps.
At the moment it is not clear how many Macs are infected, but a statement to it TechCrunchApple confirmed that the exploit is no longer an issue in the latest version, the macOS Big Sur 11.4 update. Keep in mind that this was mainly aimed at developer machines and not regular users.
Anyway, we’ll say it again, update your Mac.