comscore MacOS bug could give hackers access to your personal information

Microsoft research show how macOS bug could let hackers gain access to your data

Apple released a security patch to fix this bug as a part of macOS Monterey 12.1 update.

MacOS Monterey

Image: Apple

Microsoft researchers have detailed a vulnerability in Apple’s macOS that could lead the hackers to gain access to all of users’ data by bypassing macOS’ built-in security mechanism. The vulnerability dubbed as “powerdir” enables hackers to bypass macOS’ Transparency, Consent, and Control (TCC) technology, and gain unauthorised access to a user’s protected data. Also Read - Biggest acquisitions made in the gaming industry: Microsoft-Activision Blizzard, Tencent-Supercell, and more

Apple first Introduced TCC back in 2012 with the launch of macOS Mountain Lion. TCC, as Microsoft has detailed in a blog post, is designed to help users configure the privacy settings of their apps, such as access to the device’s camera, microphone, or location, as well as access to the user’s calendar or iCloud account, among others. Now, in order to protect TCC, “Apple introduced a feature that prevents unauthorised code execution and enforced a policy that restricts access to TCC to only apps with full disk access,” the company explained in a blog post. Also Read - Sony speaks up for the first time after Microsoft-Activision deal

“We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests,” the company added in the blog post. Microsoft says that this vulnerability could allow a malicious actor to orchestrate an attack based on the user’s protected personal data. Also Read - Microsoft introduces Surface Pro 8, Surface Pro 7+ in India with 11th Gen Intel processors

For instance, an attacker could hijack an app installed on the device or install their own malicious app on the device and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user’s screen.

In the same blog post, Microsoft’s researchers also showed a proof of concept as to how such an attack would work. Microsoft also shared details about this vulnerability with Apple, which released a security patch to fix this bug as a part of macOS Monterey 12.1 update that was released last month. The vulnerability is listed in the security update as CVE-2021-30970. This means that all users who have installed the latest version of macOS on Monterey on their Apple devices are protected from this bug. However, if you haven’t downloaded macOS 12.1 yet, you should do it as soon as possible in order to protect your personal data from hackers.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: January 14, 2022 11:52 AM IST

new arrivals in india

Best Sellers