Jump to content
  • Sign Up
×
×
  • Create New...

Microsoft Researchers Detail macOS Vulnerability That Could Let Attackers Gain User Data

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please
Researchers Detail macOS Vulnerability That Could Let Attackers Gain User Data

This is the hidden content, please
has detailed a vulnerability that existed in macOS which could allow an attacker to bypass its inbuilt technology controls and gain access to users’ protected data. Dubbed “powerdir,” the issue impacts the system called Transparency, Consent, and Control (TCC) that has been available since 2012 to help users configure privacy settings of their apps. It could let attackers ******* an existing app installed on a Mac computer or install their own app and start accessing hardware including microphone and camera to gain user data.

As

This is the hidden content, please
on a blog post, the macOS vulnerability could be exploited by bypassing TCC to target users’ sensitive data. Apple notably fixed the flaw in the macOS Monterey 12.1 update that was released last month. It was also
This is the hidden content, please
through the macOS Big Sur 11.6.2 release for older hardware. However, devices that are using an older macOS version are still vulnerable.

Apple is using TCC to help users configure privacy settings such as access to the device’s camera, microphone, and location as well as services including calendar and iCloud account. The technology is

This is the hidden content, please
through the Security & Privacy section in System Preferences.

On top of TCC, Apple uses a feature that is aimed to prevent systems from unauthorised code ********** and enforced a policy that restricts access to TCC to only apps with full disk access. An attacker can, though, change a target user’s home directory and plant a fake TCC database to gain the consent history of app requests,

This is the hidden content, please
security researcher Jonathan Bar Or said in the blog post.

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an ******* based on the user’s protected personal data,” the researcher said.

This is the hidden content, please
’s researchers also developed a proof-of-concept to demonstrate how the vulnerability could be exploited by changing the privacy settings on any particular app.

Apple has

This is the hidden content, please
the efforts made by the
This is the hidden content, please
team in its security document. The vulnerability is traced as
This is the hidden content, please
.

Affiliate links may be automatically generated – see our ethics statement for details.



This is the hidden content, please

macos vulnerability tcc powerdir

This is the hidden content, please
researchers report apple fix update macos vulnerability,powerdir,
This is the hidden content, please
,apple,macos
#
This is the hidden content, please
#Researchers #Detail #macOS #Vulnerability #Attackers #Gain #User #Data

This is the hidden content, please


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept