AAPL - Apple patches Mac flaw that let malware take screenshots
Last year, Trend Micro ([[TMICY]]) discovered a new strain of malware, XCSSET, that infected Mac developers through Apple's ([[AAPL]] -0.1%) Xcode integrated developer environment to then continue spreading through Github.XCSSET was found to utilize two zero-day exploits, or then unknown software vulnerabilities that left the door open for attack. The malware could get around system integrity protection and swipe Safari browser cookies and install a developer version of Safari without the user's knowledge.Researchers at Jamf ([[JAMF]] +1.8%) now reveal a third zero-day exploit, which bypassed Apple's Transparency Consent and Control system that controls the access permissions of applications. Attackers using the exploit could then take screenshots of the user's desktop without requesting additional permission.Apple patched the problem in the Big Sur 11.4 macOS release.Mac malware came up during the antitrust trial of Fortnite publisher Epic Games versus Apple. During his testimony, Apple software engineering head Craig Federighi said iOS doesn't embrace the
For further details see:
Apple patches Mac flaw that let malware take screenshots