macOS 11.4 patches zero-day exploit that let malware take unintended screenshots

Apple today released macOS Big Sur 11.4, which comes with expanded support for external GPUs, bug fixes in Safari, and more. The update also makes the system more secure, as it patches an exploit that let malware take screenshots without the user’s knowledge.

As reported by Jamf, an Apple-focused mobile device management company, the XCSSET malware was using an exploit to take screenshots of Mac computers without asking for any permission. The malware targeted Mac developers and mainly infected Xcode projects, which were later shared on platforms such as GitHub.

Although it was only taking unintended screenshots, the XCSSET malware also had the power to let the attacker access the disk and record the Mac screen, which could lead to even more serious damage. Interestingly enough, the malware was written in AppleScript so that it could run on macOS without being detected.

Much of the time the malware author leverages AppleScripts in their attack chain due to the facility in which it handles many bash commands, even downloading and/or executing Python scripts in an effort to obfuscate their intentions through a confusing use of various scripting languages.

Apple confirmed in a statement to TechCrunch that the exploit has been fixed with the latest version of macOS, which is macOS Big Sur 11.4. If you haven’t updated your Mac yet, you can do so now by going to the System Preferences app and clicking on the Software Update option.