Microsoft security researchers found a macOS exploit that can alter TCC permissions

Cal Jeffrey

Posts: 3,447   +1,029
Staff member
Why it matters: On Monday, Microsoft publicly disclosed a vulnerability in macOS that could be used to access or exfiltrate sensitive user data. The exploit is facilitated by a flaw in the Transparency, Consent, and Control (TCC) framework. The TCC platform is part of macOS that allows users to control what apps can access users' data, files, and components.

Microsoft 365 Defender Research Team dubbed the vulnerability (CVE-2021-30970) "powerdir" named after the software exploit created by Microsoft researcher Jonathan Bar Or. Microsoft notified Cupertino of the security flaw in July 2021. Apple patched the flaw in December with macOS 11.6 and 12.1.

"We discovered that it is possible to programmatically change a target user's home directory and plant a fake TCC database, which stores the consent history of app requests," explained Or. "If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user's protected personal data."

Screenshots show the program granting Or access to both the microphone and camera. However, the TCC also maintains permission for other components, including screen recording, Bluetooth, location services, contacts, photos, and more.

While Microsoft created the software specifically for this task, any app could use the same technique to exploit the hole. The attacker needs full disk access to the TCC database, which could be granted via other methods. Once gained, hackers can assign or reassign access permissions as they please.

Powerdir is the third TCC bypass found in the last couple of years. The other two (CVE-2020-9934 and CVE-2020-27937) were disclosed and patched in 2020. Another flaw (CVE-2021-30713) found last year in all Apple operating systems allowed attackers arbitrary control over permissions, which hackers actively exploited before being fixed in May.

Permalink to story.

 

kiwigraeme

Posts: 980   +716
Does seem strange - all these stories . Microsoft finds bugs here , there
Google finds bugs here and there .
Apple - zip , nada , zilch

Now maybe I miss those stories , maybe Apple does it secretly - but when I see that donut of a building - I just see a Leech masquerading as a Giant Tick .
Does Apple do anything that's not about clipping ( the ticket (YOU )) maximum Iwool?

Well suppose Meta is far more cynical - even given that I find more stories of FarceBook doing more open Research .
Alphabet/Meta want your eyeballs + for Google streaming /apps etc ( doesn't FB sell movies/streaming ? ( don't know - never had an account )

Apple want everything your banking, shopping, health, driving , insurance, media . It's not just a walled garden. They want to be your Gate Keepers - that's why I find it strange people heavily into Apple complaining about google search - yet Apple says it's Eula it spies on everything you do , reads every email , scans every photo . Builds a massive profile on you to make was it $35 Billion in advert revenue directly and from third parties ( we don't give 3rd parties you info - yeah but you packaged them up for advertisers - your say toe-mah-toe - I say toe-made-toe )
 

wiyosaya

Posts: 7,474   +6,257
The title of this piece should have been:

Breaking news: Microsoft researchers finish closing off every potential vulnerability in Windows and have enough free time to test Apple's OS
Well done Microsoft, now back to your Print spooler and MS Edge browser vulnerabilities.
Color me skeptical, if you must, however, I cannot help but think M$ is doing this as a marketing ploy. :rolleyes: