This serious macOS vulnerability could allow attackers to access all your private data
MacOS users should patch their systems now to protect against new powerdir vulnerability
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Following its discovery of theShrootless vulnerabilityback in October 2021,Microsofthas uncovered a new macOS vulnerability that it says could be exploited to gain unauthorized access to a user’s data.
Tracked asCVE-2021-30970, the new “powerdir” flaw found by the Microsoft 365 Defender Research Team could allow an attacker to bypass the Transparency, Consent and Control (TCC) technology inApple’s desktop operation system, the company wrote in ablog post.
First introduced back in 2012 on macOS Mountain Lion,TCCwas created to help Mac users configure the privacy settings of their apps such as which ones have access to a device’s camera, microphone or location in addition to a user’s calendar oriCloudaccount.
To protect TCC, Apple introduced a feature that prevented unauthorized code execution and enforced a policy that restricts access to TCC only to apps with full disk access. There are actually two kinds of TCC databases under the hood in macOS and the user-specific database stores permissions types that only apply to a specific user profile while the system-wide database contains stored permission types that apply on a system level and can be accessed by users with root or full disk access.
Powerdir vulnerability
During its investigation into the matter, theMicrosoft 365 Defender Research Teamdiscovered that it was possible to programmatically change a target user’s home directory and plant a fake TCC database capable of storing the consent history of app requests.
If the powerdir vulnerability is exploited on unpatched systems, it could allow a malicious actor to potentially orchestrate an attack based on a user’s protected personal data. For instance, an attacker could hijack an app installed on a device or even install their own malicious app and access the microphone on aMacBookto record private conversations or capture screenshots of sensitive information displayed on a user’s screen.
This isn’t the first TCC vulnerability that has been discovered and subsequently patched. However, it was by examining one of the latest fixes that Microsoft came across powerdir. The company’s research team even had to update its proof-of-concept (POC) exploit because the initial version no longer worked on the latest version of macOS (Monterey).
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After discovering the powerdir vulnerability, Microsoft shared its findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix as part of aseries of security updatesreleased in December of last year. To prevent falling victim to any potential attacks, macOS users should download and apply the latest security updates as soon as possible.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case
