Powerdir - New macOS Vulnerability Can Lead to Unauthorized User Data Access
Microsoft has discovered Powerdir, a new macOS vulnerability that can lead to unauthorized user data access. The latest vulnerability can allow bad actors to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain access to users’ protected data. 

Apple has released a fix for the vulnerability after it was shared with the company via Microsoft Security Vulnerability Research (MSVR). The vulnerability is now identified as CVE-2021-30970, and patches for it were released as part of the security updates on December 13, 2021. macOS users are advised to apply these security updates as soon as possible.

Apple introduced TCC technology back in 2012 to help users configure the privacy settings of their apps, such as access to the device’s camera, microphone, or location. These settings also cover access to the user’s calendar or iCloud account, among others. To prevent unauthorized code execution, Apple introduced a feature and enforced a policy that restricts access to TCC to apps with full disk access.

According to Microsoft researchers, it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. On unpatched systems, this could allow a malicious actor to carry out an attack based on the user’s protected personal data.

Microsoft in its report said, “It was also through our examination of one of the latest fixes that we came across this bug. In fact, during this research, we had to update our proof-of-concept (POC) exploit because the initial version no longer worked on the latest macOS version, Monterey. This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them.”

Microsoft security researchers continue to monitor the threat landscape on macOS and other non-Windows devices. Their studies enable them to enrich their protection technologies and solutions, such as Microsoft Defender for Endpoint, that give organizations visibility of their networks.
