Apple on Monday released macOS Big Sur 11.4, the fourth major update to its macOS Big Sur operating system. The update patched a zero-day vulnerability that allowed attackers to surreptitiously take screenshots and record video of a user’s screen by hijacking app permissions.
Security researchers at Jamf first discovered the vulnerability, which bypassed Apple’s Transparency Consent and Control framework, which controls what system functions applications can access.
The vulnerability could allow an attacker to hijack the permissions granted to a legitimate app. This means a malicious app could make use of an app like Zoom’s recording permissions to record a victim’s screen.
Jamf says the vulnerability appears to have been already actively exploited in the wild. The flaw was uncovered while Jamf security researchers were researching the XCSSET malware, which targets macOS developers through infected Xcode projects.
Jamf says the macOS Big Sur 11.4 update includes a patch for the flaw. In addition to the Big Sur update, Apple also issued two security updates for macOS Mojave and macOS Catalina.
Apple software engineering head Craig Federighi last week testified in the recently wound up Apple v. Epic Games trial, and during his testimony said that third-party app installation is often exploited on the Mac. “iOS has established a dramatically higher bar for customer protection,” he said. “The Mac is not meeting that bar today.”