{"id":258906,"date":"2021-05-25T21:53:24","date_gmt":"2021-05-25T18:53:24","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/a-new-macos-update-patches-0-day-exploit-that-let-hackers-screenshot-on-your-mac-review-geek\/"},"modified":"2021-05-25T21:53:24","modified_gmt":"2021-05-25T18:53:24","slug":"a-new-macos-update-patches-0-day-exploit-that-let-hackers-screenshot-on-your-mac-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/a-new-macos-update-patches-0-day-exploit-that-let-hackers-screenshot-on-your-mac-review-geek\/","title":{"rendered":"#A New macOS Update Patches 0-Day Exploit That Let Hackers Screenshot on Your Mac \u2013 Review Geek"},"content":{"rendered":"

“#A New macOS Update Patches 0-Day Exploit That Let Hackers Screenshot on Your Mac \u2013 Review Geek”<\/strong><\/p>\n

\n
\"Colorful
App<\/a>le<\/span><\/figcaption><\/figure>\n

Until today, malicious hackers have been exploiting a vulnerability in the latest macOS, allowing access to the microphone, webcam, recording the screen, or even taking screenshots on infected Macs. All of this happens without the user knowing or granting permission.<\/p>\n

This scary attack is finally getting patched with the latest macOS 11.4 update released on May 24th, 2021. If you haven\u2019t already, update your machine today, then\u00a0get an antivirus app.<\/p>\n

The zero-day was exploited by XCSSET, a piece of nasty malware\u00a0discovered by security firm Trend Micro<\/a>\u00a0last August. XCSSET used what at the time were two zero-days aimed at developers, specifically their Xcode projects, which then got passed on to regular users.<\/p>\n

Initially, the researchers didn\u2019t know how far the vulnerability went. However, new reports claim the malware also exploits a third zero-day to take screenshots of the victim\u2019s screen secretly. None of this is good news<\/a>, that\u2019s for sure.<\/p>\n

\"Apple
Cory Gunther<\/span><\/figcaption><\/figure>\n

macOS is supposed to ask the user for permission before any app can record the screen, access the microphone, or access storage. Unfortunately, this sneaky malware can bypass that prompt completely by jumping into legitimate apps.<\/p>\n

At this point, it\u2019s not clear how many Macs are infected, but in a statement to\u00a0TechCrunch<\/a><\/em>, Apple confirmed\u00a0that the exploit is no longer an issue in the latest version, the macOS Big Sur 11.4 update. Keep in mind that this mostly targeted developer machines and not regular users.<\/p>\n

Either way, we\u2019ll say it one more time, update your Mac.\n<\/p><\/div>\n