MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/1384448
Here’s Why You Should Update to macOS 11.4 Immediately By Jesse Hollington Alongside this week’s release of iOS 14.6, which adds several interesting new features, Apple also quietly pushed out its latest point update to macOS Big Sur, and while the update is seemingly much more pedestrian in terms of features, there’s one important fix in there that should encourage you to download and install it ASAP. In terms of user-facing features, macOS Big Sur 11.4 adds the new Apple Podcast subscriptions and supports several new external GPUs, but what’s far more significant about this one is the patching of an important security vulnerability that could allow an attacker to take screenshots and screen recordings without your knowledge. There’s actually a long list of fixes for zero-day vulnerabilities in this latest update, but the most significant was one highlighted by device management firm Jamf, which could allow Apple’s privacy protections to be bypassed to use an existing app to capture images from the screen without the user’s knowledge or authorization. A zero-day discovery allows an attacker to bypass Apple’s TCC protections which safeguard privacy. By leveraging an installed application with the proper permissions set, the attacker can piggyback off that donor app when creating a malicious app to execute on victim devices, without prompting for user approval. To be clear, this particular exploit requires another app to be running that already has been granted access to the user’s screen, however as Jamf’s researchers discovered, there’s already malware in the wild that’s been coded to take advantage of this flaw, and it’s clever enough to search out well-known apps that are usually granted screen-sharing permissions, such as Zoom, WhatsApp, and Slack. Once it finds one or more of these apps on the user’s system, the malware will build a custom AppleScript application — which further helps it to avoid detection — and then inject that into the “donor” application and then re-sign the app so that the built-in gatekeeper security in macOS won’t realize that the app has been changed. Dubbed the XCSSET malware, it’s actually been around since last year, although originally, it was designed to harass developers by infecting their Xcode projects, stealing cookies, and abusing the development version of the Safari browser — all via two zero-day exploits that existed at the time. However, when researchers dived further into the XCSSET malware, they discovered that it was also exploiting a previously unknown third zero-day vulnerability to bypass Apple’s TCC privacy framework — the system that prompts users for authorization to access things like your Mac’s screen, camera, microphone, and more. In effect, this allows the malicious code to piggyback on the legitimate app, inheriting all of its permissions. While the malware discovered by Jamf researchers is only using this technique “specifically for the purpose of taking screenshots of the user’s desktop,” they warned that this is far from the only vulnerability it presents, since the technique can be used to inherit the system-wide permissions that have been granted to any app installed on a target’s Mac. For example, this same malware could just as easily have been designed to access the microphone, camera, or even record keystrokes from the keyboard. It’s a very nasty little bug that could seriously compromise your Mac’s security. The good news, however, is that Apple has confirmed to TechCrunch that the vulnerability is fixed in macOS 11.4. While it’s unknown at this point how widely this XCSSET malware has spread, it’s definitely a good idea to head into your System Preferences and update to macOS 11.4 immediately if you haven’t already.