Why it matters: On Monday, Microsoft publicly disclosed a vulnerability in macOS that could be used to access or exfiltrate sensitive user data. The exploit is facilitated by a flaw in the Transparency, Consent, and Control (TCC) framework. The TCC platform is part of macOS that allows users to control what apps can access users’ data, files, and components.
Microsoft 365 Defender Research Team dubbed the vulnerability (CVE-2021-30970) “powerdir” named after the software exploit created by Microsoft researcher Jonathan Bar Or. Microsoft notified Cupertino of the security flaw in July 2021. Apple patched the flaw in December with macOS 11.6 and 12.1.
“We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests,” explained Or. “If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data.”
Screenshots show the program granting Or access to both the microphone and camera. However, the TCC also maintains permission for other components, including screen recording, Bluetooth, location services, contacts, photos, and more.
While Microsoft created the software specifically for this task, any app could use the same technique to exploit the hole. The attacker needs full disk access to the TCC database, which could be granted via other methods. Once gained, hackers can assign or reassign access permissions as they please.
Powerdir is the third TCC bypass found in the last couple of years. The other two (CVE-2020-9934 and CVE-2020-27937) were disclosed and patched in 2020. Another flaw (CVE-2021-30713) found last year in all Apple operating systems allowed attackers arbitrary control over permissions, which hackers actively exploited before being fixed in May.
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
OLANLY Dog Door Mat for Muddy Paws 24x16, Absorbs Moisture and Dirt, Absorbent Non-Slip Washable Doormat, Quick Dry Chenille Mud Mat, Entry Indoor Entryway Carpet for Inside Floor, Atlantic Blue
$9.99 (as of March 13, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Bunny - Easter My Realistic Bunny Toy, Interactive Bunny Realistic Bunny - Jumping, Twitching, and Shaking Ears, Bunny Realistic Bunny Toy, Bunbi Realistic Bunny, Realistic Bunny Toys (Brown)
$19.98 (as of March 13, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Stanley Quencher H2.0 Tumbler with Handle and Straw 30 oz | Flowstate 3-Position Lid | Cup Holder Compatible for Travel | Insulated Stainless Steel Cup | BPA-Free | Fuchsia
$26.25 (as of March 13, 2025 20:23 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Lipfidence Lip Lightening Cream for Dark Lips|Lip Lightener for Smokers and Non-Smokers | Help fade lip discoloration with Alpha Arbutin & Licorice Extract | Scented+Soothing Mint 10ml/0.33fl.oz
$22.99 (as of March 13, 2025 20:23 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
