A variant of the XCSSET malware recently detected by the Jamf Protection detection team was found to be actively exploited in the wild. The zero-day allows for bypassing of Apple’s system controls, allowing attackers to gain access to privacy data, such as webcam and microphone access, among many others.
In this paper, we address what XCSSET malware is, how it works and what to do to protect your macOS devices.