Microsoft has recently revealed details about the risk posed by a macOS bug that was patched a short while ago. If exploited by attackers, the bug could expose users’ personal information.
About the macOS Bug
The macOS bug under discussion is tracked as CVE-2021-30970, a logic issue in the Transparency, Consent, and Control (TCC) security framework. Through this framework, users can configure privacy settings and enable access to app data or protected files.
Following our discovery of the “Shrootless” vulnerability, Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple released a fix for this vulnerability, now identified as CVE-2021-30970, as part of security updates released on December 13, 2021. We encourage macOS users to apply these security updates as soon as possible.
According to The Hacker News, the bug was reported to Apple on July 15, 2021 by the Microsoft 365 Defender Research Team. The team named the vulnerability powerdir.
With the release of macOS 11.6