Apple’s Big Sur 11.4 patches a security flaw that could be exploited to take screenshots, record audio and video, and access files on someone else’s Mac without their knowing.
Apple released Big Sur 11.4 this week in order to patch a zero-day flaw that allowed users to take screenshots, record video, and access files on someone else’s Mac without being detected. The exploit provided a way to bypass Apple’s Transparency Consent and Control (TCC) framework, which oversees the permissions granted to each app. The flaw was discovered by cybersecurity firm Jamf when, according to its blog, it observed XCSSET spyware “using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.” The malware was able to evade the TCC by essentially hijacking permissions granted to other apps.
Avast Security Evangelist Luis Corrons recommends not waiting to update your Mac. “All users are urged to update to the latest version of Big Sur,” he said. “Mac users are accustomed to receiving prompts when an app needs certain permissions to perform its duties, but attackers are bypassing that protection completely by actively exploiting this vulnerability.”
Falsely registered Walmart accounts receive racist emails
A hacker signed up an unknown number of users for Walmart accounts, and then sent them a “Welcome to Walmart” email that contained a racial slur. Walmart spokesperson Molly Blakeman issued a statement saying that the bad actor came from outside the company and had “obvious intent to offend our customers.” She also commented, “We are shocked and appalled to see these offensive and unacceptable emails. We’re lookin ..
Support the originator by clicking the read the rest link below.
