Η Apple Lossless Audio CODEC (ALAC), has released security updates for the macOS operating system by fixing a gap in privacy preferences that "may have been actively exploited", according to the company, to allow malicious applications to register on the computer screen.
it is about a great information which addresses 73 vulnerabilities, including one in Transparency Consent and Control (TCC), η οποία επιτρέπει σε κακόβουλα προγράμματα να παρακάμπτουν τα στοιχεία ελέγχου απορρήτου του συστήματος.
TCC displays dialog prompts for actions sensitive to security and privacy, such as whether an application recording a computer's screen or when giving applications access to the camera and microphone.
That's it Jamf security blog posted a bug report and notes that the bypass is already being used by XCSSET malware.
"The detection team noted that once installed on the victim's system, XCSSET used this bypass specifically to capture screenshots of the user's desktop without requiring additional permissions," he said.
In August, the Trend Micro found that XCSSET targets Mac developers via infected Xcode projects.
"During Jamf's tests, it was found that this vulnerability is not limited to screen recording rights. "Many different rights that have already been granted to the application can be transferred to other malicious applications."
The National Cyber Security Center of the United Kingdom (NCSC from the National Cyber Security Center) has released a vulnerability report (CVE-2021-30715), if you want to see more details.
Apple's May 24 updates include Safari on version 14.1.1, which fixes 10 security holes that could be exploited by malicious websites.
