acm-header
Sign In

Communications of the ACM

Home/News/Malware Caught Using macOS Zero-Day to Secretly Take.../Full Text
ACM TechNews

Malware Caught Using macOS Zero-Day to Secretly Take Screenshots

By Tech Crunch
May 27, 2021
Comments
View as: Print Mobile App Share:
A hacked image on a smartphone.

Mac users will want to update to the latest version of Mac OS as soon as possible, as the update patches a security flaw that allows hackers to secretly take screenshots of your computer screen.

Credit: safeguarde.com

Researchers from software company Jamf have reported that the XCSSET malware has been exploiting a newly discovered zero-day vulnerability that allows it to bypass macOS security defenses and take screenshots without the user's permission.

Previously discovered zero-days are used by the malware to steal cookies from the Safari browser to access victim's online accounts and to install a development version of Safari.

The malware was able to bypass macOS permissions by injecting malicious code into legitimate apps, like Zoom, WhatsApp, and Slack, then inheriting the permissions of the legitimate app across macOS.

The researchers said the malware also could be used to access microphones and webcams or capture users' keystrokes.

Apple has released macOS 11.4 to fix the bug.

From Tech Crunch
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account