Microsoft Researchers Detail macOS Vulnerability That Could Let Attackers Gain Data 42s5z Technology News

Apple fixed the vulnerability through a macOS release last month. 4p5u4a

By Jagmeet Singh | Updated: 13 January 2022 19:13 IST

Microsoft Researchers Detail macOS Vulnerability That Could Let Attackers Gain Data

Photo Credit: Gadgets 360/ Roydon Cerejo 1095v

macOS s are recommended to install the latest update on their systems

Highlights

macOS vulnerability could allow attackers to by TCC tech
Apple acknowledged Microsoft efforts while informing s
macOS has TCC since 2012 to help s configure privacy settings

ment

Microsoft has detailed a vulnerability that existed in macOS which could allow an attacker to by its inbuilt technology controls and gain access to s' protected data. Dubbed “powerdir,” the issue impacts the system called Transparency, Consent, and Control (TCC) that has been available since 2012 to help s configure privacy settings of their apps. It could let attackers hijack an existing app installed on a Mac computer or install their own app and start accessing hardware including microphone and camera to gain data.

As released last month. It was also fixed through the macOS Big Sur 11.6.2 release for older hardware. However, devices that are using an older macOS version are still vulnerable.

Apple is using TCC to help s configure privacy settings such as access to the device's camera, microphone, and location as well as services including calendar and iCloud . The technology is available for access through the Security & Privacy section in System Preferences.

iOS 15.2.1, iPadOS 15.2.1 Released to Fix HomeKit Vulnerability

On top of TCC, Apple uses a feature that is aimed to prevent systems from unauthorised code execution and enforced a policy that restricts access to TCC to only apps with full disk access. An attacker can, though, change a target 's home directory and plant a fake TCC database to gain the consent history of app requests, Microsoft security researcher Jonathan Bar Or said in the blog post.

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the 's protected personal data,” the researcher said.

Microsoft's researchers also developed a proof-of-concept to demonstrate how the vulnerability could be exploited by changing the privacy settings on any particular app.

Apple has acknowledged the efforts made by the Microsoft team in its security document. The vulnerability is traced as CVE-2021-30970.

What's most interesting about Apple's new MacBook Pros, M1 Pro and M1 Max silicon, AirPods (3rd Generation), and Apple Music Voice plan? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

links may be automatically generated - see our ethics statement for details.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.