Microsoft: powerdir bug gives access to protected macOS user data

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,060
Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data.

The Microsoft 365 Defender Research Team has reported the vulnerability dubbed powerdir (tracked as CVE-2021-30970) to Apple on July 15, 2021, via the Microsoft Security Vulnerability Research (MSVR).

TCC is security tech designed to block apps from accessing sensitive user data by allowing macOS users to configure privacy settings for the apps installed on their systems and devices connected to their Macs, including cameras and microphones. While Apple has restricted TCC access only to apps with full disk access and set up features to automatically block unauthorized code execution, Microsoft security researchers found that attackers could plant a second, specially crafted TCC database that would allow them to access protected user info.

"We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests," said Jonathan Bar Or, a principal security researcher at Microsoft. "If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data.
Apple has fixed the vulnerability in security updates released last month, on December 13, 2021. "A malicious application may be able to bypass Privacy preferences," the company explained in the security advisory.
 
Top