Apple MacOS update your computer immediately

Η Apple Lossless Audio CODEC (ALAC), κυκλοφόρησε ενημερώσεις ασφαλείας για το λειτουργικό σύστημα macOS διορθώνοντας ένα κενό στις προτιμήσεις απορρήτου που “μπορεί να έχει αξιοποιηθεί ενεργά”, σύμφωνα με την εταιρεία για να επιτρέπει σε to record the computer screen.

it is about a great information which has 73 vulnerabilities, including one in the Transparency Consent and Control (TCC) framework, which allows malicious programs to bypass system privacy controls.

macos

TCC displays dialog prompts for security and privacy sensitive actions, such as whether an application captures a computer screen or gives applications access to the camera and microphone.

That's it Jamf security blog posted a bug report and notes that the bypass is already in use by XCSSET software.

"The detection team noted that once installed on the victim's system, XCSSET used this bypass specifically to capture screenshots of the user's desktop without requiring additional permissions," he said.

In August, Trend Micro found that XCSSET targets Mac developers through infected Xcode projects.

zero day tcc bypass discovered in xcsset malware figure 1

"During Jamf's tests, it was found that this vulnerability is not limited to screen recording rights. "Many different rights that have already been granted to the application can be transferred to other malicious applications."

The UK's National Cyber ​​Security Center (NCSC from National Cyber Centre) released a vulnerability report (CVE-2021-30715), if you want to see more details.

Apple's May 24 updates include Safari on 14.1.1, which fixes 10 security holes that could be exploited by malicious websites.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
MacOS, apple

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).