macOS Big Sur 11.4, which is now available, fixes a zero-day vulnerability that could allow an attacker to exploit apps like Zoom to take screenshots and record the screen without the user noticing.
Jamf, the device management company, highlighted a security issue that allowed privacy preferences to be bypassed, allowing the attacker to have full disk access, screen recording and other permissions without the user having agreed to grant them.
This security flaw was exploited in the real world and was discovered by Jamf while analyzing XCSSET malware. XCSSET malware has been known since 2020, but Jamf spotted a recent spike in activity and discovered a new variant.
Once installed on the victim's operating system, the malware was specifically used to take screenshots of the user's desktop without the need to grant permissions.
Jamf has a full explanation on how the security flaw was exploited, and the company says Apple fixed that vulnerability in macOS Big Sur 11.4.
All the more reason to install system updates as quickly as possible.
