Following Microsoft‘s discovery of the Shrootless vulnerability in October last year, the company claims to have discovered a new macOS vulnerability that it claims could be exploited to gain unauthorized access to users’ private data.
Although there is a belief by some users that it is not possible for viruses to enter the Apple operating system or suffer vulnerabilities, the news tells us otherwise. A malware is usually a constant concern, since they are capable of stealing our most confidential data , accounts and kidnap all kinds of information.
CBT technology
Tracked as CVE-2021-30970, the new vulnerability known as “Powerdir” found by the Microsoft 365 Defender research team could allow an attacker to bypass the Transparency, Consent, and Control (TCC) technology in Microsoft’s desktop operating system. Apple writes the company on its official blog.
First introduced in 2012 in macOS Mountain Lion, TCC (Transparency, Consent, and Control) was created to help Mac users configure privacy settings for their apps. Within these settings, it is contemplated which applications have access to the camera, microphone or location of a device, in addition to the calendar or the iCloud account of each user. To protect TCC, Apple introduced a feature to prevent unauthorized code execution by enforcing a policy that restricted access to TCC to only applications with full disk access.
“There are two types of TCC databases. The user-specific database stores permission types that only apply to a specific user profile, while the system-wide database contains stored permission types that apply at the system level and can be accessed . by users with root or full access to the disk.
Powerdir vulnerability
The Microsoft 365 Defender research team has discovered that it is possible to programmatically change a targeted user’s home directory and associate a fake TCC database capable of storing app request consent history.
If the Powedir vulnerability is exploited on unpatched systems, it could allow a malicious actor to enter based on a user’s protected personal data. For example, it would be possible for the attacker to gain access to an application installed inside our device, and even install their own malicious application by accessing the microphone of a MacBook. This could accomplish recording private conversations or taking screenshots of sensitive information .
It is not the first time that a vulnerability of this type has been detected to be subsequently repaired, but it was when examining some recent corrections that Microsoft found Powedir. The team had to update their proof-of-concept (POC) exploit because the initial version no longer worked on the latest version of macOS Monterey.
Following the discovery, Microsoft shared this finding with Apple through Coordinated Vulnerability Disclosure (CVD), to which Apple responded by releasing a fix as part of a series of security updates the company gave in December last year. If you are a macOS user, it is best to download and apply the latest possible security updates.
