You would do well to update to macOS Big Sur 11.4 post-haste
Apple has rolled out updates to address a bevy of security flaws, including three zero-day vulnerabilities that are being actively exploited in the wild. Two of the loopholes affect tvOS used for the Apple TV 4k and Apple TV HD offerings, whereas the third one resides in the macOS Big Sur operating system that powers Apple’s line of laptops and desktop devices.
“Apple is aware of a report that this issue may have been actively exploited,” reads the tech giant’s security bulletin describing the flaws in macOS Big Sur and tvOS, respectively.
Tracked as CVE-2021-30713, the zero-day in macOS Big Sur could allow an attacker to bypass Apple’s Transparency Consent and Control Framework that prompts users for permission whenever an action or permission request by an app has a direct impact on their privacy.
“This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior,” said the Jamf detection team, which discovered the bypass while digging into apple fixes macos malware secret screenshots
