Microsoft research shows how macOS bug could give hackers access to your data

0
1



Microsoft researchers have detailed a vulnerability in Apple’s macOS that could lead hackers to gain access to all users’ data except for macOS’ built-in security mechanisms. The vulnerability, dubbed “PowerDir”, enables hackers to bypass macOS’s Transparency, Consent and Control (TCC) technology and gain unauthorized access to a user’s protected data.

Apple first introduced TCC in 2012 with the launch of macOS Mountain Lion. TCC, as Microsoft detailed in a blog post, is designed to help users configure their apps’ privacy settings, such as access to a device’s camera, microphone, or location, as well as Access to the user’s calendar or iCloud account. other. Now, to protect TCC, “Apple introduced a feature that prevents unauthorized code execution and implemented a policy that restricts access to TCC only to apps with full disk access,” the company said in a blog post. I explained.

“We found that it is possible to programmatically change a target user’s home directory and apply a fake TCC database, which stores the consent history of app requests,” the company added in a blog post. Microsoft says this vulnerability could allow a malicious actor to plan an attack based on a user’s protected personal data.

For example, an attacker can hijack an app installed on a device or install its own malicious app on the device and access the microphone to record private conversations or take screenshots of sensitive information displayed on a user’s screen. can capture.

In the same blog post, Microsoft researchers also showed a proof of concept of how such an attack would work. Microsoft also shared details about this vulnerability with Apple, which released a security patch to fix this bug as part of the macOS Monterey 12.1 update released last month. The vulnerability is listed in the security update as CVE-2021-30970. This means that all users who have installed the latest version of macOS on Monterey on their Apple devices are protected from this bug. However, if you haven’t downloaded macOS 12.1 yet, you should do so as soon as possible to protect your personal data from hackers.

Subsequent research from Microsoft that reveals how a macOS bug could give hackers access to your data first appeared on BGR India.

Leave a Reply