Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update - MacRumors
Skip to Content

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update

by

Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

powerdir exploit microsoft
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.

According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.

"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.

Tags: Microsoft, Vulnerabiltiies
Related Forum: macOS Monterey

Popular Stories

nvidia rtx spark

Nvidia Challenges Apple Silicon With New RTX Spark PC Chip

Monday June 1, 2026 3:41 am PDT by
Nvidia is entering the consumer PC chip business for the first time and has thrown down the gauntlet to Apple, describing its new RTX Spark processor as "the most efficient PC chip ever built." Nvidia says its RTX Spark Superchip is purpose-built to run AI agents that can work proactively across apps and run in the background as a personal "teammate." With the chip, Nvidia says users...
Read Full Article188 comments
Dynamic Island iPhone 18 Pro Feature

12 Reasons to Wait for the iPhone 18 Pro

Thursday June 18, 2026 2:17 am PDT by
We're only three months out from the launch of Apple's premium next-generation smartphone lineup, and while we're not expecting a sea change in terms of functionality, there are still several enhancements rumored to be coming to the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth noting is that Apple is reportedly planning a major change to its iPhone release cycle this year, adopting a ...
Read Full Article82 comments
Rivian Explains Why CarPlay Debate Will Become Completely Obsolete Feature

iOS 27 Adds Major New Feature to CarPlay

Wednesday June 17, 2026 9:10 am PDT by
Last year, Apple revealed that it was planning to allow CarPlay users to watch video via AirPlay in their vehicles while they are not driving, and the company finally provided more specific details about this functionality at WWDC 2026. In a WWDC 2026 video aimed at developers, Apple said the CarPlay video feature is available in new vehicles that support it. When playing a video in an...
Read Full Article

Top Rated Comments

JosephAW Avatar
JosephAW
58 months ago
Wondering if we’ll get a security update on older MacOS:rolleyes:
Score: 17 Votes (Like | Disagree)
B4U Avatar
B4U
58 months ago
Considering Mojave is the last Mac OS that supports 32 bit apps, hopefully they will backport this fix to that OS as well.
Apple can do a better job of letting us know when an OS is actually no longer supported.
Score: 14 Votes (Like | Disagree)
MacNerd01 Avatar
MacNerd01
58 months ago

I'm confused. We like Microsoft and Google now? They're now our friends? :p
Just because this is an apple-focused site doesn’t mean we hate other companies.
Score: 11 Votes (Like | Disagree)
Stella Avatar
Stella
58 months ago

Shouldn’t MSFT focus on finding and addressing their own security holes?
Microsoft are large enough to do both, and more.
Score: 10 Votes (Like | Disagree)
K
kobaltz
58 months ago

Wondering if we’ll get a security update on older MacOS:rolleyes:
From the CVE

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
So, it was back ported to Big Sur, but I dunno about Catalina or others.
Score: 10 Votes (Like | Disagree)
NightFox Avatar
NightFox
58 months ago

Shouldn’t MSFT focus on finding and addressing their own security holes?
They do, but they also have the Defender 365 Research Team who purely assess third party products like this.
Score: 8 Votes (Like | Disagree)
Read All Comments