Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control feature.
Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.
According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory. The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.
Great news
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: engadget - 🏆 276. / 63 Read more »
Source: DigitalTrends - 🏆 95. / 65 Read more »
Source: DigitalTrends - 🏆 95. / 65 Read more »
Source: DigitalTrends - 🏆 95. / 65 Read more »
Source: DigitalTrends - 🏆 95. / 65 Read more »
Source: DigitalTrends - 🏆 95. / 65 Read more »