"Malware Used Zero-Day Exploit to Take Screenshots of Victims' Macs"
Apple has patched a vulnerability, discovered by Jamf researchers, that malware actors have been exploiting to circumvent the Transparency, Consent, and Control (TCC) framework. Evading this framework allows the actors to take screenshots of an infected computer's desktop without having to trick the user into granting them permissions. Since the TCC system controls which resources and tools different applications can access, bypassing it could have allowed the attackers to perform more malicious activities besides just taking screenshots, according to the researchers who found the flaw. Tests have shown that the same exploit could be used to avoid the prompts that display when an application accesses the microphone and webcam. The exploit could also be used to bypass the prompts that applications are supposed to display when accessing a user's personal files and folders. The zero-day exploit was leveraged by a malware program called XCSSET. This discovery brings further attention to the fact that non-Windows operating systems are increasingly being targeted and that attackers are actively looking for macOS vulnerabilities. This article continues to discuss the recently patched zero-day vulnerability found in macOS and its exploitation by attackers using XCSSET malware.
SC Media reports "Malware Used Zero-Day Exploit to Take Screenshots of Victims' Macs"