Microsoft details macOS vulnerability that allowed protected data access
Microsoft has released details of the "Powerdir" vulnerability that allowed an attacker to access protected data on a Mac, prior to the December macOS Monterey patches.
Published on Monday, the blog post by the Microsoft 365 Defender Research Team explains the details behind the Powerdir vulnerability. The flaw could allow attackers to "bypass the operating system's Transparency, Consent and Control (TCC) technology", giving them access to protected user data.
TCC was introduced by Apple to macOS Mountain Lion in April 2012, and is designed to help users configure privacy settings for apps. For example, it would enable or deny access to onboard cameras and microphones, a user's calendar, or an iCloud account.
As a means to protect TCC, Apple also included a feature to prevent unauthorized code execution, as well as adding a policy restricting access to TCC only to apps with full disk access.
In its lengthy explanation, Microsoft says it managed to work out how to change a user's home directory to plant a fake TCC database. An attacker could then use the planted database to attack resources that TCC would otherwise protect.
This could involve an attacker taking over an app already installed on the Mac, or installing one of their own, and in turn accessing the user's data. It could also feasibly be used to gain access to a connected camera or mic, to actively spy on the user.
Microsoft responsibly disclosed the discovery to Apple, which led to the creation of a fix. Apple patched the vulnerability as part of its update to macOS 12.1 on December 13.
It is unclear exactly how severe the vulnerability is in practice, but a reading of Microsoft's explanation suggests the risk is reasonably low for most users. Changing the home directory would normally require local access, or would have to be paired with some other mechanism that grants enough control for it to work remotely, and the attack is prevented for anyone who regularly updates their Mac anyway.
It is generally good practice to update all Macs to the latest supported operating system update, as soon as possible after its release.
How to protect yourself
As macOS Monterey 12.1 is protected from the issue, the simple answer is to update macOS to the latest version. Apple also released an update at the same time for macOS Big Sur 11.6.2, so older Macs that don't support Monterey can be protected from the problem.
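A patch-level check for the two fixed releases named above, as an added example that is not from the article or from Microsoft's write-up. The function names, status labels and sample inventory are the example's own, and treating any release after 12.x as patched is an assumption.

```shell
#!/bin/sh
# Added example. Fixed releases come from the article: macOS Monterey 12.1
# and macOS Big Sur 11.6.2. Function names and status labels are this
# example's own; treating releases after 12.x as patched is an assumption.

# powerdir_status VERSION -> prints patched | needs-update | unknown
powerdir_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # not dotted decimal
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split "11.6.2" into 11 6 2
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ge 13 ]; then
        echo patched
    elif [ "$major" -eq 12 ]; then
        if [ "$minor" -ge 1 ]; then echo patched; else echo needs-update; fi
    elif [ "$major" -eq 11 ]; then
        if [ "$minor" -gt 6 ] || { [ "$minor" -eq 6 ] && [ "$patch" -ge 2 ]; }; then
            echo patched
        else
            echo needs-update
        fi
    else
        echo unknown                # the article names no fixed release for 10.x
    fi
}

# audit_inventory: reads "hostname version" lines on stdin and prints one
# "hostname version status" line per host.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        echo "$host $ver $(powerdir_status "$ver")"
    done
}

# Constructed sample inventory (not real hosts).
audit_inventory <<'EOF'
mac-design-01 12.0.1
mac-design-02 12.1
mac-build-01 11.6.1
mac-build-02 11.6.2
mac-lab-01 10.15.7
EOF
```

On a Mac, the local machine can be checked with `powerdir_status "$(sw_vers -productVersion)"`.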
Comments
5 posts??
Microsoft details Windows vulnerability that allowed…
The level of Mac malware is not acceptable, says Apple’s Craig Federighi at Epic trial - The Verge
And when you see the whole picture, macOS is above 10% in worldwide usage. Can you imagine what would happen if it reached the 90% of Windows? I think it would be at the same level as Windows, maybe worse. Who knows.
https://www.microsoft.com/en-us/msrc/msvr?rtc=1
https://www.microsoft.com/en-us/msrc/cvd?rtc=1
And I agree, Microsoft doesn’t do anything that isn’t of value to them. Considering many of their customers use macOS, it will benefit them to secure and protect them, which in the end helps to improve the security in businesses and enterprises that use the MS ecosystem. It also helps to improve Microsoft Defender for Endpoint, which has a macOS client.
BTW, I have +1200 posts. Is that good enough?
What’s wrong with having 5 posts?