Microsoft Touts Fixing Security Hole in macOS Privacy Component
Microsoft on Monday shared its proof-of-concept security research efforts in uncovering macOS vulnerabilities in the operating system’s Transparency, Consent and Control (TCC) technology.
The vulnerabilities, dubbed “powerdir,” may have allowed attackers to access the personal data of macOS users. It was also possible to use the vulnerabilities to alter macOS device functions, such as turning on the device’s camera or microphone, Microsoft contended.
Apple issued patches for these vulnerabilities, with the latest one issued for macOS Monterey 12. 1 on Dec, 13. Apple credited Microsoft researcher Jonathan Bar Or for uncovering TCC vulnerability “CVE-2021-30970.”
This patch apparently was the second one issued by Apple. According to Or’s account, Microsoft was able to overcome an earlier fix by Apple with new proof-of-concept code that overcame Apple’s earlier TCC fix.
TCC was first introduced by Apple in 2012 to help users configure privacy policies for apps, as well as the device’s microphone and camera, Or noted. It made its first appearance on the macOS Mountain Lion operating system, he added.
Microsoft researchers, though, had found a way to edit the databases used by the TCC component via proof-of-concept code. Such a vulnerability, if left unpatched, could permit attackers to “grant arbitrary permissions to any app they choose, including their own malicious app.”
While full disk access seemed to be necessary to carry out such attacks, Or described leveraging other macOS exploits to gain such privileges. Attackers could use a vulnerability in Time Machine backups or could poison the TCC’s database file path. It also was possible to simply plant code in a target app bundle, he suggested.
The TCC vulnerabilities apparently were patched by Apple on Dec. 13. Or noted that Microsoft’s security research, like the TCC research, is used more generally to improve Microsoft’s security products. For instance, he touted Microsoft Defender for Endpoint as being able to “quickly discover, prioritize, and remediate misconfigurations and vulnerabilities, such as the powerdir vulnerability,” even before a patch release by Apple.
Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.