Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data.
The Microsoft 365 Defender Research Team has reported the vulnerability dubbed
powerdir (tracked as
CVE-2021-30970) to Apple on July 15, 2021, via the Microsoft Security Vulnerability Research (MSVR).
TCC is security tech designed to block apps from accessing sensitive user data by allowing macOS users to configure privacy settings for the apps installed on their systems and devices connected to their Macs, including cameras and microphones. While Apple has restricted TCC access only to apps with full disk access and set up features to automatically block unauthorized code execution, Microsoft security researchers found that attackers could plant a second, specially crafted TCC database that would allow them to access protected user info.
"We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests,"
said Jonathan Bar Or, a principal security researcher at Microsoft. "If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data.
