Apple released Big Sur 11.4 this week in order to patch a zero-day flaw that allowed users to take screenshots, record video, and access files on someone else’s Mac without being detected. The exploit provided a way to bypass Apple’s Transparency Consent and Control (TCC) framework, which oversees the permissions granted to each app. The flaw was discovered by cybersecurity firm Jamf when, according to its blog, it observed XCSSET spyware “using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.” The malware was able to evade the TCC by essentially hijacking permissions granted to other apps.