
Microsoft discloses macOS vulnerability that ‘could lead to unauthorized user data access,’ patched last month

Microsoft is disclosing a new macOS vulnerability that “could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology.” Microsoft says that Apple patched this vulnerability last month as part of updates to macOS Big Sur and macOS Monterey, and it is encouraging all users to make sure they are running the latest versions of those operating systems.

Apple disclosed its patch for this vulnerability when it released macOS Monterey 12.1 and macOS Big Sur 11.6.2 on December 13. At the time, Apple simply explained that an application may have been able to bypass Privacy preferences and that it addressed a “logic issue” to patch the vulnerability.

Now that the fix for the issue has been available for nearly a month, Microsoft has published a more in-depth blog post detailing the problem. Authored by the Microsoft 365 Defender Research Team, the blog post explains that TCC is a technology that prevents apps from accessing users’ personal information without their prior consent and knowledge.

In the case of macOS, this refers to the Security and Privacy pane located in the System Preferences application. This vulnerability, which Microsoft is calling ‘powerdir,’ could have given an attacker full access to the TCC database.

The TCC includes databases that contain “consent history for app requests.”

  1. If the app and the type of request have a record in the TCC databases, then a flag in the database entry dictates whether to allow or deny the request automatically and without any user interaction.
  2. If the app and the type of request do not have a record in the TCC databases, then a prompt is presented to the user, who decides whether to grant or deny access. The said decision is backed into the databases so that succeeding similar requests will now fall under the first scenario.

If an attacker was granted full access to the TCC database, Microsoft explains:

Given these, should a malicious actor gain full disk access to the TCC databases, they could edit it to grant arbitrary permissions to any app they choose, including their own malicious app. The affected user would also not be prompted to allow or deny the said permissions, thus allowing the app to run with configurations they may not have known or consented to.
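The two scenarios and the consequence Microsoft describes can be seen in a small model. This is an added example, not code from Microsoft, Apple, or the original article; the table layout, class and function names, and bundle identifiers are constructed for illustration and do not reproduce the real TCC schema.

```python
import sqlite3

# Simplified stand-in for a TCC consent store. The table layout, service
# names and bundle ids are constructed for illustration, not the real schema.
def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access (client TEXT, service TEXT, allowed INTEGER,"
               " PRIMARY KEY (client, service))")
    return db

class ConsentBroker:
    """Models the two scenarios: a stored record wins, otherwise prompt."""
    def __init__(self, db, ask_user):
        self.db, self.ask_user = db, ask_user
        self.prompt_log = []          # (client, service) pairs the user actually saw

    def request(self, client, service):
        row = self.db.execute("SELECT allowed FROM access WHERE client=? AND service=?",
                              (client, service)).fetchone()
        if row is not None:           # scenario 1: the flag decides, no interaction
            return bool(row[0])
        decision = bool(self.ask_user(client, service))   # scenario 2: prompt
        self.prompt_log.append((client, service))
        self.db.execute("INSERT INTO access VALUES (?, ?, ?)",
                        (client, service, int(decision)))
        return decision

def unprompted_grants(db, prompt_log):
    """Defender's check: allow rows that no recorded prompt accounts for."""
    seen = set(prompt_log)
    rows = db.execute("SELECT client, service FROM access WHERE allowed=1 "
                      "ORDER BY client, service").fetchall()
    return [r for r in rows if r not in seen]

def demo():
    db = open_store()
    broker = ConsentBroker(db, ask_user=lambda c, s: c == "com.example.editor")
    first = broker.request("com.example.editor", "camera")    # prompts, user allows
    second = broker.request("com.example.editor", "camera")   # served from the store
    # A row written straight into the store, the case the quoted passage warns about:
    db.execute("INSERT INTO access VALUES ('com.example.unknown', 'microphone', 1)")
    third = broker.request("com.example.unknown", "microphone")  # allowed, no prompt
    return first, second, third, len(broker.prompt_log), unprompted_grants(db, broker.prompt_log)

if __name__ == "__main__":
    print(demo())
```

The broker trusts whatever the store says, so the integrity of the store is the whole control; the audit function only works because the model keeps a separate record of prompts the user actually answered.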

The full blog post from Microsoft is well worth a read if you’re a security expert. And again, make sure your Mac is running the latest version of macOS Monterey or macOS Big Sur to ensure you’re protected.


Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
