Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
64,822
32,951


Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

powerdir-exploit-microsoft.jpg

Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.

According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.

"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.

Article Link: Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
 
Article Link
https://www.macrumors.com/2022/01/10/microsoft-powerdir-macos-vulnerability/
  • Wow
Reactions: RandomDSdevel and Lloigorr
K

kobaltz

macrumors newbie
Jul 27, 2010
25
223
JosephAW said:
Wondering if we’ll get a security update on older MacOS:rolleyes:
Click to expand...
From the CVE

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.

So, it was back ported to Big Sur, but I dunno about Catalina or others.
 
  • Like
Reactions: michaelnugent, Shirasaki, TheGeneralist and 7 others
BWhaler

BWhaler

macrumors 68040
Jan 8, 2003
3,788
6,244
Love to see Microsoft, Google, and Apple working together for our safety and security.

You just know companies like Facebook and Verizon would exploit these holes—and probably do.
 
  • Like
Reactions: u+ive
P

pretzel.revival_0j

macrumors newbie
Jan 10, 2022
2
-6
MacRumors said:


Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

powerdir-exploit-microsoft.jpg

Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.

According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.

"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.

Article Link: Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
Click to expand...

Shouldn’t MSFT focus on finding and addressing their own security holes?
 
  • Disagree
  • Like
Reactions: darthgreen, filchermcurr, blizzerand and 4 others
K

KaliYoni

macrumors 68000
Feb 19, 2016
1,765
3,887
I'm OK with MSFT using some of its massive financial and technical resources to find security and privacy problems anywhere. Doing so helps all of us. In fact, I think it's better than having an unspoken support time span for older OS versions and ghosting Mojave users for the last 18 months.

----------
For anybody interested, this is a good history of Apple's macOS support:
eclecticlight.co

How long does Apple support macOS?

Unofficially, each major version of macOS gets a year’s full support, with bug and security fixes, then 2 years of security updates. Is that how it works?
eclecticlight.co eclecticlight.co
 
Last edited:
  • Like
  • Love
Reactions: freedomlinux, NoGood@Usernames and jons
profcutter

profcutter

macrumors 68000
Mar 28, 2019
1,533
1,270
kobaltz said:
From the CVE

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.

So, it was back ported to Big Sur, but I dunno about Catalina or others.
Click to expand...
Seems like this detail should be added to the original article. I‘m updating now to 11.6.2.
 
  • Like
Reactions: EmotionalSnow
C

coolfactor

macrumors 604
Jul 29, 2002
7,333
10,172
Vancouver, BC
TCC is 10 years old now, and today is the first time that I've heard of it. ?

Here's an article from months ago talking about its history, design and weaknesses...
www.sentinelone.com

Bypassing macOS TCC User Privacy Protections By Accident and Design - SentinelLabs

TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.
www.sentinelone.com www.sentinelone.com

I'm surprised that Apple is using an SQL database for this. They have used XML-based plists (ie. "property lists") forever, and then took over the FoundationDB project, which I always thought would be fast, efficient and secure replacement. (Why isn't FoundationDB being used yet? Anyone know? Is it overkill?)

SQLite is a solid embedded database solution, but this seriously feels like a weakness when the database itself can be compromised simply by replacing a file on disk.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom