Microsoft Touts Fixing Security Hole in macOS Privacy Component -- Redmondmag.com

Microsoft Touts Fixing Security Hole in macOS Privacy Component

By Kurt Mackie
01/11/2022

Microsoft on Monday shared its proof-of-concept security research efforts in uncovering macOS vulnerabilities in the operating system's Transparency, Consent and Control (TCC) technology.

The vulnerabilities, dubbed "powerdir," may have allowed attackers to access the personal data of macOS users. It was also possible to use the vulnerabilities to alter macOS device functions, such as turning on the device's camera or microphone, Microsoft contended.

Apple issued patches for these vulnerabilities, with the latest one issued for macOS Monterey 12. 1 on Dec, 13. Apple credited Microsoft researcher Jonathan Bar Or for uncovering TCC vulnerability "CVE-2021-30970."

This patch apparently was the second one issued by Apple. According to Or's account, Microsoft was able to overcome an earlier fix by Apple with new proof-of-concept code that overcame Apple's earlier TCC fix.

TCC was first introduced by Apple in 2012 to help users configure privacy policies for apps, as well as the device's microphone and camera, Or noted. It made its first appearance on the macOS Mountain Lion operating system, he added.

Microsoft researchers, though, had found a way to edit the databases used by the TCC component via proof-of-concept code. Such a vulnerability, if left unpatched, could permit attackers to "grant arbitrary permissions to any app they choose, including their own malicious app."

While full disk access seemed to be necessary to carry out such attacks, Or described leveraging other macOS exploits to gain such privileges. Attackers could use a vulnerability in Time Machine backups or could poison the TCC's database file path. It also was possible to simply plant code in a target app bundle, he suggested.

The TCC vulnerabilities apparently were patched by Apple on Dec. 13. Or noted that Microsoft's security research, like the TCC research, is used more generally to improve Microsoft's security products. For instance, he touted Microsoft Defender for Endpoint as being able to "quickly discover, prioritize, and remediate misconfigurations and vulnerabilities, such as the powerdir vulnerability," even before a patch release by Apple.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.