Researchers at Windows maker Microsoft have found a vulnerability in macOS that could allow attackers to gain access to users’ data. The vulnerability is said to bypass the existing macOS privacy controls to reach users’ protected data. Dubbed “powerdir,” it affects a system called Transparency, Consent, and Control (TCC) in macOS that has been available since 2012. TCC helps users configure privacy settings for their apps.
The researchers at Microsoft detailed the vulnerability in a blog post, saying that it allows attackers to hijack an existing app installed on a Mac, or install their own app on the computer, and access hardware including the microphone and camera to get at users’ data. Apple, according to reports, fixed the flaw in the macOS Monterey 12.1 update that came last month. Previously, it was addressed in a macOS Big Sur update for older Mac computers. Devices running older versions of macOS remain vulnerable.
Apple uses TCC to help users configure privacy settings such as access to the device’s camera, microphone and location, as well as to services including the calendar and iCloud account. Apart from this, Apple also uses a feature aimed at preventing unauthorised code execution, and enforces a policy that restricts access to TCC to apps with full disk access. However, an attacker can still target a user’s home directory and plant a fake TCC database, which holds the consent history of app requests. “If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” Jonathan Bar Or, a Microsoft security researcher, said in the blog post.
Apple has acknowledged the issue in a security document, crediting the team at Microsoft for its efforts. The vulnerability is tracked as CVE-2021-30970. The researchers at Microsoft have also developed a proof-of-concept that shows how the vulnerability can be exploited by changing the privacy settings on any app.