{"id":22845,"date":"2021-05-25T00:26:53","date_gmt":"2021-05-24T22:26:53","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=22845"},"modified":"2021-05-25T00:26:54","modified_gmt":"2021-05-24T22:26:54","slug":"macos-big-sur-11-4-fixes-screenshot-vulnerability","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/macos-big-sur-11-4-behebt-schwachstelle-bei-bildschirmfotos","title":{"rendered":"macOS Big Sur 11.4 fixes screenshot vulnerability"},"content":{"rendered":"

Apple has patched a zero-day vulnerability in macOS Big Sur 11.4 that could allow attackers to secretly capture screenshots or videos of a user's screen by hijacking existing app permissions.<\/strong><\/p>\n\n\n\n

The vulnerability bypasses Apple\u2019s Transparency Consent and Control Framework, which controls which system functions applications can access, according to security researchers at Jamf, who first discovered the vulnerability discovered<\/a> Jamf notes that the vulnerability appears to have been actively exploited in the wild. The company discovered the flaw while investigating a Mac malware called XCSSET that targets macOS developers via infected Xcode projects. The vulnerability could allow an attacker to take away permissions granted to other apps.<\/p>\n\n\n\n

macOS Big Sur 11.4: Mojave and Catalina also receive updates<\/h3>\n\n\n\n\n\n\n\n

For example, a malicious app could hook into Zoom - which already has recording privileges - and record a user's screen. Jamf notes that attackers have so far only used the vulnerability to take screenshots. According to Jamf, Apple has released a patch for the vulnerability in macOS Big Sur 11.4. Along with this release on Monday, Apple also released two security updates for macOS Mojave and macOS Catalina. In a statement to Forbes, Apple emphasized that the vulnerability is only a problem for users who download programs outside of the Mac App Store. (Photo by Skorzewiak \/ Bigstockphoto)<\/p>\n\n\n\n