Skip to main content

Microsoft Researchers Detail macOS Vulnerability That Could Let Attackers Gain User Data

Apple fixed the vulnerability through a macOS release last month.






Microsoft has detailed a vulnerability that existed in macOS which could allow an attacker to bypass its inbuilt technology controls and gain access to users' protected data. Dubbed “powerdir,” the issue impacts the system called Transparency, Consent, and Control (TCC) that has been available since 2012 to help users configure privacy settings of their apps. It could let attackers hijack an existing app installed on a Mac computer or install their own app and start accessing hardware including microphone and camera to gain user data.

As detailed on a blog post, the macOS vulnerability could be exploited by bypassing TCC to target users' sensitive data. Apple notably fixed the flaw in the macOS Monterey 12.1 update that was released last month. It was also fixed through the macOS Big Sur 11.6.2 release for older hardware. However, devices that are using an older macOS version are still vulnerable.

Apple is using TCC to help users configure privacy settings such as access to the device's camera, microphone, and location as well as services including calendar and iCloud account. The technology is available for access through the Security & Privacy section in System Preferences.

On top of TCC, Apple uses a feature that is aimed to prevent systems from unauthorised code execution and enforced a policy that restricts access to TCC to only apps with full disk access. An attacker can, though, change a target user's home directory and plant a fake TCC database to gain the consent history of app requests, Microsoft security researcher Jonathan Bar Or said in the blog post.

Ads by 

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user's protected personal data,” the researcher said.

Microsoft's researchers also developed a proof-of-concept to demonstrate how the vulnerability could be exploited by changing the privacy settings on any particular app.

Apple has acknowledged the efforts made by the Microsoft team in its security document. The vulnerability is traced as CVE-2021-30970. ( By Pankaj Prajapati )

Comments

Popular posts from this blog

OnePlus Ace Allegedly Facing Heating Issues, Company Says It's Normal: Report

OnePlus says the temperature will not affect the normal use of the handset. OnePlus Ace, which was launched in India as OnePlus 10R 5G, is facing overheating issues, as per a report. A customer of the OnePlus Ace reportedly claimed on Weibo that his handset became very hot after an hour of gaming. This became a trending topic of discussion on the Chinese microblogging website forcing OnePlus to chime in and clarify that it is normal for a phone to heat up after playing games on it for longer hours. The company said it will not affect the normal use of the phone. Other users also chimed in with similar issues. Sina Technology cited various users who complained that their OnePlus Ace smartphones “became very hot on the first day of use” (translated). One of the users claimed that their device's battery temperature reached 43.7 degrees Celsius, and the CPU was at 46.5 degrees Celsius when they played Genshin Impact on it for an hour. Reportedly, some users also provided...

OnePlus Nord Watch Renders, Specifications Surface Online; Tipped to Come With SpO2 Tracking

OnePlus Nord Watch is said to feature heart rate monitor. OnePlus Nord Watch is confirmed to launch in India soon. Ahead of the official announcement, renders of the upcoming wearable have surfaced online, along with its specifications. The renders suggest the design and indicate Blue and Black colour options for the OnePlus Nord Watch. The renders also show a rectangular dial with a side-mounted button for navigation. The OnePlus Nord Watch is confirmed to feature a 1.78-inch AMOLED display with 500 nits of peak brightness and a 368x448 pixels resolution. Known tipster Ishan Agarwal (@ishanagarwal24), in association with 91Mobiles, has leaked the alleged renders and specifications of the OnePlus Nord Watch. As mentioned, the renders show the smartwatch in Black and Blue shades. The renders suggest a rectangular display with a black shade for the wearable. It is shown with a side-mounted button for navigation through the UI. The renders also suggest some features including hea...

Redmi Note 11S First Impressions: When Specs Trump Design

  Xiaomi's smartphone portfolio is a bit confusing at the moment, as the company continues to launch new phones at a rapid pace. The latest additions include the Redmi Note 11 and the Redmi Note 11S which  fill out a new Redmi 11 generation. We don't yet have new Pro or Pro Max models in this new series to replace the wildly popular Redmi Note 10 Pro (Review) at its price level, but the new Redmi Note 11S, which we'll be looking at today, could offer what you're looking for but at a lower price. The Redmi Note 11S is a 4G-only smartphone and its crowning feature is its 108-megapixel main camera. It's worth noting that Xiaomi has managed to offer this at a very aggressive starting price of just Rs. 16,499. The rest of the Redmi Note 11S's features are also in line with what one would expect from a phone in this segment in 2022. While there's still a lot of testing to be done before our full review is ready, here's a quick first look ...