Lucene search

K
thnThe Hacker NewsTHN:6D9C30F48BF06002190A9401A9E9AFC8
HistoryJan 11, 2022 - 7:09 a.m.

Microsoft Details macOS Bug That Could Let Attackers Gain Access to User Data

2022-01-1107:09:00
The Hacker News
thehackernews.com
99

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

macOS

Microsoft on Monday disclosed details of a recently patched security vulnerability in Appleโ€™s macOS operating system that could be weaponized by a threat actor to expose usersโ€™ personal information.

Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control (TCC) security framework, which enables users to configure the privacy settings of their apps and provide access to protected files and app data. The Security & Privacy pane in the macOS System Preferences app serves as the front end of TCC.

Microsoft 365 Defender Research Team, which reported the vulnerability to Apple on July 15, 2021, dubbed the flaw โ€œpowerdir.โ€ Apple addressed the issue as part of macOS 11.6 and 12.1 updates released in December 2021 with improved state management.

While Apple does enforce a policy that limits access to TCC to only apps with full disk access, itโ€™s possible to orchestrate an attack wherein a malicious application could work around its privacy preferences to retrieve sensitive information from the machine, potentially allowing an adversary to access microphone to record private conversations or capture screenshots of sensitive information displayed on the userโ€™s screen.

โ€œWe discovered that it is possible to programmatically change a target userโ€™s home directory and plant a fake TCC database, which stores the consent history of app requests,โ€ Jonathan Bar Or of Microsoft 365 Defender Research Team said. โ€œIf exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the userโ€™s protected personal data.โ€

macOS

In other words, if a bad actor gains full disk access to the TCC databases, the intruder could edit it to grant arbitrary permissions to any app of their choice, including their own, effectively permitting the app run with configurations previously not consented to.

CVE-2021-30970 is also the third TCC-related bypass vulnerability to be discovered after CVE-2020-9934 and CVE-2020-27937, both of which have since been remediated by Apple. Then in May 2021, the company also patched a then zero-day flaw in the same component (CVE-2021-30713) that could allow an attacker to gain full disk access, screen recording, or other permissions without usersโ€™ explicit consent.

โ€œThis shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them,โ€ Bar Or said.

Found this article interesting? Follow THN on Facebook, Twitter ๏‚™ and LinkedIn to read more exclusive content we post.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P