Skip to main content

Microsoft discloses macOS vulnerability that ‘could lead to unauthorized user data access,’ patched last month

Avatar for Chance Miller  | Jan 10 2022 - 9:22 am PT
0 Comments
macOS Monterey 12.1

Microsoft is disclosing a new macOS vulnerability that “could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology.” Microsoft says that Apple patched this vulnerability last month as part of updates to macOS Big Sur and macOS Monterey, and it is encouraging all users to make sure they are running the latest versions of those operating systems.

Apple disclosed its patch for this vulnerability when it released macOS Monterey 12.1 and macOS Big Sur 11.6.2 on December 13. At the time, Apple simply explained that an application may have been able to bypass Privacy preferences and that it addressed a “logic issue” to patch the vulnerability.

Now that the fix for the issue has been available for nearly a month, Microsoft has published a more in-depth blog post detailing the problem. Authored by the Microsoft 365 Defender Research Team, the blog post explains that TCC is a technology that prevents apps from accessing users’ personal information without their prior consent and knowledge.

In the case of macOS, this refers to the Security and Privacy pane located in the System Preferences application. This vulnerability, which Microsoft is calling ‘powerdir,’ could have given an attacker full access to the TCC database.

The TCC includes databases that contain “consent history for app requests.”

  1. If the app and the type of request have a record in the TCC databases, then a flag in the database entry dictates whether to allow or deny the request without automatically and without any user interaction.
  2. If the app and the type of request do not have a record in the TCC databases, then a prompt is presented to the user, who decides whether to grant or deny access. The said decision is backed into the databases so that succeeding similar requests will now fall under the first scenario.

If an attacker was granted full access to the TCC database, Microsoft explains:

Given these, should a malicious actor gain full disk access to the TCC databases, they could edit it to grant arbitrary permissions to any app they choose, including their own malicious app. The affected user would also not be prompted to allow or deny the said permissions, thus allowing the app to run with configurations they may not have known or consented to.

The full blog post from Microsoft is well worth a read if you’re a security expert. And again, make sure your Mac is running the latest version of macOS Monterey or macOS Big Sur to ensure you’re protected.

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

macOS

macOS

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing