Security News > 2021 > May > Apple fixes macOS zero-day exploited by malware (CVE-2021-30713)
A zero-day vulnerability that allowed XCSSET malware to surreptitiously take screenshots of the victim's desktop has been fixed by Apple on macOS 11.4 on Monday.
The XCSSET malware and its CVE-2021-30713 exploitation.
The malware is written in AppleScript - a scripting language developed by Apple - that facilitates control over script-enabled Mac applications.
"From the user's perspective, TCC is the prompt they receive when a program attempts to perform an action that Apple believes should require explicit permission from the user before allowing the action to occur."
XCSSET bypasses the TCC protections by using an AppleScript module to search for an application that has permissions to capture a screenshot and compiling it into a custom AppleScript application that is injected into that "Donor" application.
At the same time, Apple has also released security updates for macOS Catalina and Mojave, Safari 14.1.1, iOS 14.6 and iPadOS 14.6, tvOS 14.6 and watchOS 7.5.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CAnnKqQ01Bo/
Related news
- Ivanti zero-day attacks infected devices with custom malware (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30713 | Improper Input Validation vulnerability in Apple mac OS X and Macos A permissions issue was addressed with improved validation. | 7.8 |