Microsoft: macOS ‘Powerdir’ Flaw Could Let Attackers Gain Access to User Data

Microsoft today disclosed a vulnerability in Apple’s macOS that could enable an attacker to gain unauthorized access to protected user data by bypassing the Transparency, Consent, and Control (TCC) technology in the operating system. The Microsoft Security Vulnerability Research (MSVR) team reported its discovery to Apple’s product security team on July 15, 2021. Apple addressed CVE-2021-30970, dubbed “Powerdir,” in a rollout of security updates released on Dec. 13.

TCC is an Apple subsystem introduced in 2012 in macOS Mountain Lion. The technology was designed to help users configure the privacy settings of their device’s applications — for example, access to the camera or microphone or their calendar or iCloud account. To secure TCC, Apple created a feature that prevents unauthorized code execution and enforced a policy that limited TCC access only to applications with full disk access.

The vulnerability Microsoft found would allow adversaries to work around this feature and launch an attack on a macOS device. When an app requests access to protected user data, one of two actions can occur: if the app and request type have a record in the TCC databases, a flag in the database entry says whether the request should be allowed or denied without user interaction. If they do not have a record, the user is prompted to grant or deny access.
