Microsoft: This macOS bug could bypass controls and access private user data

Microsoft has detailed how malware on macOS can bypass the privacy preferences enforced by Transparency, Consent, and Control (TCC), the macOS technology that controls apps’ access to sensitive user data. 

The ‘powerdir’ bug, which Apple fixed in its December 13 update for macOS up to Monterey, lets an attacker bypass TCC to gain access to a user’s protected data. 

The bug was discovered by Microsoft security researcher Jonathan Bar Or. Microsoft is interested in macOS security because Defender for Endpoint can be used in an enterprise to protect non-Windows devices.

The Microsoft 365 Defender Research Team noted in a blog post that Apple introduced a feature to protect TCC that “prevents unauthorized code execution and enforced a policy that restricts access to TCC to only apps with full disk access.”

However, Or discovered that it is “possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests.”

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” Microsoft said. 
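A defender can watch for the precondition described above, a user's home directory being changed, by comparing snapshots of account home directories. The sketch below is an added example, not code from Microsoft or the article; it assumes the snapshots come from `dscl . -list /Users NFSHomeDirectory`, assumes the default per-user TCC database path, and uses constructed sample data.

```python
# Added example: flag home-directory changes, the precondition the article describes.
# Assumed default location of the per-user TCC database, relative to the home directory.
TCC_REL = "Library/Application Support/com.apple.TCC/TCC.db"
SYSTEM = {"root", "daemon", "nobody"}

def parse_dscl(output):
    """Parse `dscl . -list /Users NFSHomeDirectory` text into {user: home}."""
    homes = {}
    for line in output.splitlines():
        parts = line.split(None, 1)  # home paths may contain spaces
        if len(parts) == 2:
            homes[parts[0]] = parts[1].strip()
    return homes

def is_system(user):
    return user.startswith("_") or user in SYSTEM

def audit(baseline_text, current_text):
    """Return (user, reason, tcc_db_to_inspect) for suspicious home directories."""
    baseline, current = parse_dscl(baseline_text), parse_dscl(current_text)
    findings = []
    for user, home in sorted(current.items()):
        tcc_db = home.rstrip("/") + "/" + TCC_REL
        if user in baseline and baseline[user] != home:
            # Any account whose home moved since the trusted snapshot.
            findings.append((user, "home changed from " + baseline[user], tcc_db))
        elif not is_system(user) and not home.startswith("/Users/"):
            # Heuristic for regular accounts only: home outside /Users.
            findings.append((user, "home outside /Users", tcc_db))
    return findings

# Constructed sample snapshots (not real hosts or accounts).
BASELINE = """\
_www            /Library/WebServer/Documents
alice           /Users/alice
bob             /Users/bob
root            /var/root
"""
CURRENT = """\
_www            /Library/WebServer/Documents
alice           /private/tmp/staging dir
bob             /Users/bob
carol           /Volumes/ext/carol
root            /var/root
"""

if __name__ == "__main__":
    for user, reason, tcc_db in audit(BASELINE, CURRENT):
        print(f"{user}: {reason}; inspect {tcc_db}")
```

Each finding names the TCC database path under the new home directory, which is the file to examine for consent entries the user never granted.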

An attacker could hijack an already installed app or install their own malicious app to access the microphone to record private conversations or capture

Read More: https://www.zdnet.com/article/microsoft-this-macos-bug-could-bypass-controls-and-access-private-user-data/#ftag=RSSbaffb68