This serious macOS vulnerability could allow attackers to access all your private data


Following its discovery of the Shrootless vulnerability back in October 2021, Microsoft has uncovered a new macOS vulnerability that it says could be exploited to gain unauthorized access to a user's data.

Tracked as CVE-2021-30970, the new “powerdir” flaw found by the Microsoft 365 Defender Research Team could allow an attacker to bypass the Transparency, Consent and Control (TCC) technology in Apple's desktop operating system, the company wrote in a blog post.

Powerdir vulnerability

During its investigation, the Microsoft 365 Defender Research Team discovered that it was possible to programmatically change a target user's home directory and plant a fake TCC database, which stores the consent history of app requests.
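A defender-side check related to the behaviour described above, as an added example that is not from the article or from Microsoft's research: it parses the output of `dscl . -list /Users NFSHomeDirectory` and flags accounts whose home directory is not at the usual location, noting when a TCC.db sits under the relocated home. The function names, the `/Users/<name>` baseline and the sample data are assumptions of this example.

```python
import posixpath

# User-level TCC database location, relative to the account's home directory.
TCC_REL = "Library/Application Support/com.apple.TCC/TCC.db"

def parse_dscl(listing):
    """Parse `dscl . -list /Users NFSHomeDirectory` output into {user: home}."""
    homes = {}
    for line in listing.splitlines():
        parts = line.split(None, 1)  # home paths may contain spaces
        if len(parts) == 2:
            homes[parts[0]] = posixpath.normpath(parts[1].strip())
    return homes

def audit(listing, tcc_files, home_root="/Users"):
    """Return sorted (user, home, reason) findings.

    tcc_files: paths of TCC.db files found by a separate filesystem sweep.
    Assumption: interactive accounts normally live at <home_root>/<user>.
    """
    found = {posixpath.normpath(p) for p in tcc_files}
    findings = []
    for user, home in parse_dscl(listing).items():
        if user.startswith("_") or user in ("root", "daemon", "nobody"):
            continue  # service accounts, not interactive logins
        expected = posixpath.join(home_root, user)
        if home == expected:
            continue
        reason = "home directory differs from " + expected
        if posixpath.join(home, TCC_REL) in found:
            reason += "; TCC.db present under the relocated home"
        findings.append((user, home, reason))
    return sorted(findings)

# Constructed sample data, not taken from a real system.
SAMPLE_DSCL = """\
_www            /Library/WebServer
daemon          /var/root
nobody          /var/empty
root            /var/root
alice           /Users/alice
bob             /private/tmp/stage/bob
carol           /Volumes/Data/carol
"""
SAMPLE_TCC = [
    "/Users/alice/" + TCC_REL,
    "/private/tmp/stage/bob/" + TCC_REL,
]
```

A flagged account is a lead for review rather than proof of tampering, since homes on external volumes or network shares are legitimate in some environments.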

If the powerdir vulnerability is exploited on unpatched systems, it could allow a malicious actor to potentially orchestrate an attack based on a user's protected personal data. For instance, an attacker could hijack an app installed on a device or even install their own malicious app and access the microphone on a MacBook to record private conversations or capture screenshots of sensitive information displayed on a user's screen.

This isn't the first TCC vulnerability that has been discovered and subsequently patched. However, it was by examining one of the latest fixes that Microsoft came across powerdir. The company's research team even had to update its proof-of-concept (POC) exploit because the initial version no longer worked on the latest version of macOS (Monterey).

After discovering the powerdir vulnerability, Microsoft shared its findings with Apple through Coordinated Vulnerability Disclosure (CVD), and Apple released a fix as part of a series of security updates in December of last year. To avoid falling victim to any potential attacks, macOS users should download and apply the latest security updates as soon as possible.

Anthony Spadafora
