Apple’s latest update for iOS patches dangerous security holes. The latest security patch released by Apple yesterday includes fixes for 38 significant bugs, covered by 43 different CVE bug numbers.
While the macOS Big Sur 11.4 update shared many of those bugs with iOS, it also includes its own list of bugs, with 58 significant bugs patched, covered by 73 different CVE bug numbers.
The CVE-2021-30713 security flaw, which cybercriminals have been exploiting, has been patched. Earlier last year, the exploit was reported to Apple after remaining unnoticed in Mac malware called XCSSET. The bug exists in the system component called Transparency Consent and Control (TCC), the part of macOS that is supposed to ensure that apps don’t function inappropriately.
Security researchers at Mac management software company Jamf discovered that the bug provides a sneaky way to “leech off” the permissions of an already-installed app. To achieve this, the malware runs a simple AppleScript utility with no special permissions.
Normally, when malware runs an AppleScript utility to record your screen, macOS pops up a security warning asking whether you want to allow the malware to go ahead. Only after you click through to the Security and Privacy page in System Preferences and manually approve the malware by adding it to the list of apps allowed to record your screen will the bad actors be able to break into the system.
Jamf researchers’ findings suggest that attackers could get around this by judiciously inserting the malicious screenshotting AppleScript utility into the application directory of software that already had Screen Recording permissions.
They further added, “they could then launch their AppleScript under the assumed authority of the so-called ‘donor’ app and take screenshots covertly without any warnings popping up.”
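One defensive check that follows from the technique described above, as an added example that is not from Jamf or Apple: record which nested app bundles and AppleScript files an app with Screen Recording permission contains, then flag anything that appears later. The bundle names, the suffix list and the sample directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: file types worth flagging when they appear inside a donor bundle.
SUSPECT_SUFFIXES = {".app", ".scpt", ".scptd", ".applescript"}


def nested_items(bundle: Path) -> set:
    """Relative paths of nested app bundles and AppleScript files inside `bundle`."""
    found = set()
    for root, dirs, files in os.walk(bundle):
        for name in dirs + files:
            path = Path(root, name)
            if path.suffix.lower() in SUSPECT_SUFFIXES:
                found.add(path.relative_to(bundle).as_posix())
    return found


def unexpected_items(bundle: Path, baseline: set) -> list:
    """Items present now that were absent when the baseline was recorded."""
    return sorted(nested_items(bundle) - baseline)


def build_sample_bundle(root: Path) -> Path:
    """Constructed sample: a fake donor app with one legitimate helper bundle."""
    donor = root / "Donor.app"
    (donor / "Contents/MacOS").mkdir(parents=True)
    (donor / "Contents/MacOS/Donor").write_text("binary placeholder")
    (donor / "Contents/Helpers/Updater.app/Contents/MacOS").mkdir(parents=True)
    return donor


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        donor = build_sample_bundle(Path(tmp))
        baseline = nested_items(donor)  # recorded when the app was installed
        # Simulate a later change: a new bundle appears in the donor's directory.
        (donor / "Contents/MacOS/helper.app/Contents").mkdir(parents=True)
        for item in unexpected_items(donor, baseline):
            print("unexpected item in donor bundle:", item)
```

Legitimate app updates also add or rename helpers, so the baseline has to be refreshed after each vetted update.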