Researchers at Windows maker Microsoft have found a vulnerability in macOS that could allow attackers to gain access to users’ data. The vulnerability is said to bypass existing macOS privacy controls to reach users’ protected data. Dubbed “powerdir,” it affects a system called Transparency, Consent and Control (TCC) in macOS that has been available since 2012. TCC helps users configure privacy settings for their apps.
Microsoft researchers detail the vulnerability in a blog post, saying it allows attackers to hijack existing apps installed on Macs, or install their own apps on the computer, and gain access to user data and hardware, including microphones and cameras. According to reports, Apple fixed the bug in the macOS Monterey 12.1 update that came last month. Previously, it was addressed in the macOS Big Sur update for older Mac computers. But devices with older versions of macOS are still vulnerable.
Apple uses TCC to help users configure privacy settings, including access to the device’s camera and microphone, as well as services including Calendar and iCloud. In addition, Apple uses a feature that aims to protect the system from unauthorized code execution, and it has implemented a policy that restricts TCC access to apps with full disk access. However, an attacker can still target the user’s home directory and plant a fake TCC database, which holds the consent history of app requests. “If exploited on an unprivileged system, this vulnerability could allow a malicious actor to potentially attack based on a user’s protected personal data,” Microsoft security researcher Jonathan Bar Or said in a blog post.
Apple has acknowledged the issue in a security document, crediting Microsoft’s team for its efforts. The vulnerability is tracked as CVE-2021-30970. Microsoft researchers have also developed a proof of concept that shows how this vulnerability can be exploited by changing the privacy settings on any app.