XCSSET malware exploits zero day TCC vulnerability in MacOS

THREAT LEVEL: Red.

For a detailed advisory, download the pdf file here.

A zero-day vulnerability (CVE-2021-30713) in the latest macOS was exploited by XCSSET malware which allows an attacker to bypass the Transparency Consent and Control (TCC) framework and gives unauthorized access to the microphone, webcam, recording the screen, or even taking screenshots on infected Macs without prompting for user approval .The MITRE technique used by the adversary is T1222.

Vulnerability Details

Indicators of Compromise

Patch Links

https://support.apple.com/en-us/HT212529

References

https://support.apple.com/en-us/HT212529
https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/
https://www.ehackingnews.com/2021/05/apple-fixes-macos-zero-day.html
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://www.darkreading.com/threat-intelligence/macos-zero-day-let-attackers-bypass-privacy-preferences/d/d-id/1341131
https://www.reviewgeek.com/85025/a-new-macos-update-patches-0-day-exploit-that-let-hackers-screenshot-on-your-mac/
https://vuldb.com/?id.175760

XCSSET malware exploits zero day TCC vulnerability in MacOS

THREAT LEVEL: Red.

Vulnerability Details

Indicators of Compromise

Patch Links

References

Multiple vulnerabilities in Nagios IT Monitoring Software could be exploited for infrastructure hijacking

AnyDesk Installer Targeted by Malvertising Campaign

Recent Posts