Microsoft researchers have uncovered a new MacOS vulnerability, called “powerdir”, which could potentially allow an attacker to bypass Mac’s Transparency, Consent and Control technology (TCC), which could lead to the hackers gaining unauthorised access to credential data of a user, including gaining access to apps or recording private conversations.
The vulnerability has been sent to Apple, with the company announcing a fix, codenaming the vulnerability as CVE-2021- 30970. MacOS users will now be able to apply these security updates as soon as possible.
Apple’s TCC was introduced by the company in 2012, it helps companies to configure privacy settings of their applications, including permissions such as device’s camera, microphone, location and access to Apple’s iCloud account.
Apple already had an inbuilt feature that prevented unauthorised code execution, and also enforced a policy to restrict access to TCC to apps with full disk access.
“We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests,” the blog said.
“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” it added.
An example of how this can be accomplished is the attacker could hijack an installed application, or install their malicious code and record private conversations, capture screenshots of sensitive information of the user.
This is not the first instance that vulnerabilities have been discovered in Apple’s TCC. In May last year, a zero-day discovery was detected where an attacker could potentially bypass Apple’s TCC privacy safeguards.
Security researcher Phil Stokes, in July 2021, had detailed a list of problems with Apple’s TCC, citing weakness in its design. “This means that protections are easily overridden inadvertently,” Stokes said in a report.