macOS 11.4 fixes flaw that allows attackers to snap secret screenshots

macOS 11.4 fixes flaw that allows attackers to snap secret screenshots


macOS 11.4 malware flaw
Update ASAP if you haven't already.
Photo: Jamf

Apple’s newest macOS update fixes a zero-day vulnerability that could give attackers the ability to take secret screenshots and more. The flaw takes advantage of privacy permissions granted to apps like Zoom.

It is recommended you update to macOS 11.4 as soon as possible if you haven’t already.

The newest Big Sur update seemed rather insignificant, its most exciting feature being new Podcasts Subscriptions, announced during Apple’s recent Spring Loaded event. But there’s more to it under the hood.

One thing Apple’s releases notes didn’t mention is that the update also fixes a rather serious security flaw.

Update your Mac to patch new zero-day vulnerability

Detailed by security researchers at Jamf, the vulnerability could allow attackers to piggyback off a “donor app” to gain full disk access, take screen recordings, take over a Mac’s microphone, and more.

“We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild,” reads the report, published on Monday.

This particular strain of malware exploited the flaw to take screenshots without a user’s knowledge — and without requiring any additional permissions. It piggybacked popular video calling apps like Zoom.

Mac malware stays under the radar

XCSSET, written in AppleScript, searches for an app that already has permission to capture screenshots after making its way onto a user’s system. It then injects itself into the “donor app” so that it can acquire the same permissions without further authorization from the user.

“During Jamf’s testing, it was determined that this vulnerability is not limited to screen recording permissions either,” the report adds. “Multiple different permissions that have already been provided to the donor application can be transferred to the maliciously created app.”

The good news is that Apple has already addressed this problem. Installing its newest macOS 11.4 update patches the flaw, preventing XCSSET and similar malware from exploiting the vulnerability. If you haven’t already updated, then, you should do so as soon as possible.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.