Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update - MacRumors
Skip to Content

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

powerdir exploit microsoft
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.

According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.

"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.

Related Forum: macOS Monterey

Popular Stories

Apple TV Thumb 3

Everything Coming in the 2026 Apple TV 4K

Wednesday July 8, 2026 4:51 pm PDT by
The Apple TV 4K hasn't been updated since 2022, and it's due for a refresh. An update is planned for 2026, but Apple is likely going to wait to launch it after Siri AI launches in iOS 27. Design Apple TV design updates don't happen often, and that's not changing. The next Apple TV is going to have the same squircle shape as the current model, and it'll continue to be made from a black...
iphone 16 teal

'Siri AI' Lawsuit Update: Apple to Pay Owners of These iPhone Models

Thursday July 9, 2026 7:08 am PDT by
In May, Apple agreed to pay $250 million to settle a U.S. class action lawsuit over Siri AI's delayed launch, and eligible iPhone users could receive up to a $95 payout. This week, the California court overseeing the case held a hearing regarding preliminary approval of the settlement, but the judge has not yet issued a ruling. It will likely be at least a few more months before eligible...
iCloud iPhone 17 Pro

Apple Says These iOS 27 Features Require $9.99/Month Subscription

Wednesday July 8, 2026 6:24 am PDT by
iOS 27 includes new Apple Intelligence features for compatible cameras in Apple's Home app, but only if you have an iCloud+ plan with at least 2TB of storage. This limitation effectively means that the new features are only available with a minimum $9.99/month subscription, even though the centerpiece of the subscription is the 2TB of storage. The features include AI descriptions for...

Top Rated Comments

JosephAW Avatar
59 months ago
Wondering if we’ll get a security update on older MacOS:rolleyes:
Score: 17 Votes (Like | Disagree)
B4U Avatar
59 months ago
Considering Mojave is the last Mac OS that supports 32 bit apps, hopefully they will backport this fix to that OS as well.
Apple can do a better job of letting us know when an OS is actually no longer supported.
Score: 14 Votes (Like | Disagree)
MacNerd01 Avatar
59 months ago

I'm confused. We like Microsoft and Google now? They're now our friends? :p
Just because this is an apple-focused site doesn’t mean we hate other companies.
Score: 11 Votes (Like | Disagree)
Stella Avatar
59 months ago

Shouldn’t MSFT focus on finding and addressing their own security holes?
Microsoft are large enough to do both, and more.
Score: 10 Votes (Like | Disagree)
59 months ago

Wondering if we’ll get a security update on older MacOS:rolleyes:
From the CVE

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
So, it was back ported to Big Sur, but I dunno about Catalina or others.
Score: 10 Votes (Like | Disagree)
NightFox Avatar
59 months ago

Shouldn’t MSFT focus on finding and addressing their own security holes?
They do, but they also have the Defender 365 Research Team who purely assess third party products like this.
Score: 8 Votes (Like | Disagree)