A zero-day vulnerability (CVE-2021-30713) that allowed XCSSET malware to surreptitiously take screenshots of the victim’s desktop has been fixed by Apple on macOS 11.4 (Big Sur) on Monday. The malware is written in AppleScript ‘ a scripting language developed by Apple ‘ that facilitates control over script-enabled Mac applications. X CSSET is effectively trojan spyware that can grab user data from Safari and other installed browsers, read Safari cookies, inject JavaScript backdoors onto websites, grab information from apps (Evernote, Telegram, WeChat, etc.)
Source: https://www.helpnetsecurity.com/2021/05/25/cve-2021-30713-exploited/