Microsoft has detailed an existing vulnerability in macOS that could allow an attacker to bypass its built-in technology controls and gain access to users’ protected data. Dubbed “powerdir”, the issue affects the system called Transparency, Consent and Control (TCC), which has been available since 2012 to help users configure their apps’ privacy settings. It could allow attackers to hijack an existing application installed on a Mac computer or install their own application and start accessing hardware, including a microphone and camera, to obtain user data.
Like detailed in a blog post, the macOS vulnerability could be exploited by bypassing the TCC to target users’ sensitive data. Apple notably fixed the flaw in the macOS Monterey 12.1 update that was released last month. That was also fixed via macOS Big Sur version 11.6.2 for older hardware. However, devices using an older version of macOS are still vulnerable.
Apple is using TCC to help users configure privacy settings such as access to the device’s camera, microphone and location, as well as services including calendar and iCloud account. technology is available for access through security and privacy section in System Preferences.
In addition to the TCC, Apple uses a feature that aims to prevent systems from executing unauthorized code and enforces a policy that restricts access to the TCC to only applications with full disk access. An attacker could, however, change a target user’s home directory and plant a fake TCC database to obtain the consent history of application requests, Microsoft security researcher Jonathan Bar Or said in the blog post.
“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” the researcher said.
Microsoft researchers have also developed a proof of concept to demonstrate how the vulnerability can be exploited by changing privacy settings in any specific application.
Apple has recognized the efforts made by the Microsoft team in their security document. Vulnerability is tracked as CVE-2021-30970.
See the latest from the Consumer Electronics Show on Gadgets 360 in our CES 2022 hub.
.