Malicious hackers have been exploiting a vulnerability in fully updated versions of macOS that allowed them to take screenshots on infected Macs without having to get permission from victims first.

The zero-day was exploited by XCSSET, a piece of malware discovered by security firm Trend Micro last August. XCSSET used what at the time were two zero-days to infect Mac developers with malware that stole browser cookies and files; injected backdoors into websites; stole information from Skype, Telegram, and other installed apps; took screenshots; and encrypted files and showed a ransom note.

Infections came in the form of malicious projects that the attacker wrote for Xcode, a tool that Apple makes available for free to developers writing apps for macOS or other Apple OSes. As soon as one of the XCSSET projects was opened and built, Trend Micro said, the malicious code would run on the developers’ Macs. An Xcode project is a repository for all the files, resources, and information needed to build an app.

The vulnerability was the result of a logic error that allowed XCSSET to hide inside the directory of an installed app that already had permission to take screenshots. The exploit allowed the malware to inherit the screenshot permissions, as well as other privileges controlled by TCC.

“Some developers design applications with smaller applications placed within them,” Jamf researcher Jaron Bradley said in an interview. “But a bug appears to have existed in the operating system logic when it comes to how the TCC permissions are handled in such a situation.”

To locate apps that XCSSET could piggyback off of, the malware checked for screen capture permissions from a list of installed applications.

“As expected, the list of application IDs that are targeted are all applications that users regularly grant the screen sharing permission to as part of its normal operation,” Bradley wrote in a post.
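
For defenders, the behavior described above suggests one audit: list every app bundle nested inside an installed app that holds screen capture permission, and review any that do not look like that vendor's own helper. The following is an added example, not code from Jamf, Trend Micro, or Apple. The bundle names and identifiers are constructed, the watched-ID set is supplied by the auditor, and the identifier-prefix heuristic is an assumption of this sketch.

```python
import plistlib
import tempfile
from pathlib import Path

def bundle_id(app: Path):
    """Return CFBundleIdentifier from an app bundle's Info.plist, or None."""
    try:
        with open(app / "Contents" / "Info.plist", "rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except (OSError, plistlib.InvalidFileException):
        return None

def find_nested_apps(apps_dir: Path, watched_ids: set):
    """List .app bundles nested inside watched parent apps.

    Returns (parent_id, nested_path, nested_id, suspicious) tuples.
    "suspicious" is a heuristic assumed here: the nested bundle has no
    readable identifier, or one outside the parent's identifier namespace.
    """
    findings = []
    for parent in sorted(apps_dir.glob("*.app")):
        pid = bundle_id(parent)
        if pid not in watched_ids:
            continue  # only audit apps known to hold the permission
        for nested in sorted(parent.rglob("*.app")):
            nid = bundle_id(nested)
            in_namespace = nid is not None and (nid == pid or nid.startswith(pid + "."))
            rel = nested.relative_to(apps_dir).as_posix()
            findings.append((pid, rel, nid, not in_namespace))
    return findings

def make_app(path: Path, identifier: str):
    """Create a minimal constructed bundle: a directory plus Info.plist."""
    (path / "Contents").mkdir(parents=True)
    with open(path / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": identifier}, fh)

def demo():
    """Build a constructed Applications-like tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_app(root / "Meeting.app", "com.example.meeting")
        make_app(root / "Meeting.app/Contents/Helpers/Updater.app", "com.example.meeting.updater")
        make_app(root / "Meeting.app/Contents/MacOS/Unexpected.app", "com.unrelated.tool")
        make_app(root / "Notes.app", "com.example.notes")
        make_app(root / "Notes.app/Contents/Helpers/Sync.app", "com.other.sync")
        return find_nested_apps(root, {"com.example.meeting"})

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Legitimate helpers sometimes use identifiers outside the parent's namespace, so a flagged bundle is a prompt for review, not a verdict.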