Time Machine mounts ( CVE-2020-9771): macOS offers a built-in backup and restore solution called Time Machine.Microsoft listed this trio of past vulnerabilities:
This isn’t the first time that TCC databases have shown themselves to be susceptible to bypass. The affected user would also not be prompted to allow or deny the said permissions, thus allowing the app to run with configurations they may not have known or consented to.” Prior TCC Trespasses
If an attacker gets full disk access to the TCC databases, Microsoft explained that the world’s then their app oyster: “They could edit it to grant arbitrary permissions to any app they choose, including their own malicious app. The said decision is backed into the databases so that succeeding similar requests will now fall under the first scenario. If the app and the type of request do not have a record in the TCC databases, then a prompt is presented to the user, who decides whether to grant or deny access.If the app and the type of request have a record in the TCC databases, then a flag in the database entry dictates whether to allow or deny the request - automatically and without any user interaction.Source: Microsoft.Īs Microsoft explained, when an app requests access to protected user data, one of two things can happen:
The macOS Security & Privacy pane that serves as the front end of TCC. Typically, users manage TCC under System Preferences in macOS (System Preferences > Security & Privacy > Privacy).
“For example, the attacker could hijack an app installed on the device – or install their own malicious app – and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user’s screen.” “If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” they explained in Monday’s advisory.
The feature prevents unauthorized code execution by restricting full disk access to only those apps with appropriate privileges – at least, that’s the way it’s supposed to work.īut Microsoft researchers discovered that it’s possible to programmatically change a target user’s home directory and to plant a fake TCC database. TCC stores the consent history of app requests. At the time, as is typical, Apple didn’t give much detail, merely stating that the flaw was a logic issue that could allow a malicious to bypass privacy preferences: A flaw that it addressed with improved state management. Introduced in 2012 in macOS Mountain Lion, TCC helps users to configure their apps’ privacy settings by requiring that all apps get user consent before accessing files in Documents, Downloads, Desktop, iCloud Drive, calendar and network volumes, as well as before the apps are allowed to access the device’s camera, microphone or location.Īpple released a fix for the vulnerability – identified as CVE-2021-30970 – in macOS Big Sur and macOS Monterey, as part of its Dec. Specifically, it could allow an attacker to bypass the operating system’s Transparency, Consent and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data, the Microsoft 365 Defender Research Team said in its advisory. The vulnerability allows malicious apps to bypass privacy preferences. Microsoft on Monday released details about a bug in macOS that Apple fixed last month – named “powerdir” – that could let attackers hijack apps, install their own nasty apps, use the microphone to eavesdrop or grab screenshots of whatever’s displayed on your screen.