Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.
According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.
Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.
"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.
Related Stories
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
Apple today seeded the first beta of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming just a day after the release of macOS Monterey 12.2.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update mechanism in System...
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today released macOS Monterey 12.3, the third major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.3 comes more than a month after the launch of macOS 12.2, an update that addressed a Safari vulnerability.
The macOS Monterey 12.3 update can be downloaded on all eligible Macs using the Software Update section of System ...
Microsoft has been testing a pre-release Apple silicon version of OneDrive since last year, and now the native version of the app is available for all OneDrive users.
"We're excited to announce that OneDrive sync for macOS will now run natively on Apple silicon. This means that OneDrive will take full advantage of the performance improvements of Apple silicon," Microsoft said in an...
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2.
The macOS Monterey 12.2.1 update can be downloaded on all eligible Macs using the Software Update section of System Preferences.
According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
Thursday January 20, 2022 3:32 am PST by
Sami FathiApple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
Thursday January 13, 2022 5:10 am PST by
Sami FathiApple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reuters reports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by ...
Popular Stories
Due to production issues at Apple supplier factories in China, the iPhone 14 Pro and iPhone 14 Pro Max are backordered and basically out of stock at every store. If you were planning to gift or receive an iPhone 14 Pro model for the holidays and didn't already get one, you're basically out of luck because they're gone until late December.
Subscribe to the MacRumors YouTube channel for more ...
Thursday December 8, 2022 2:45 am PST by
Sami FathiApple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy.
iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection,"...
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far.
iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
With the iOS 16.2 release candidate that came out today, Apple added the new Apple Music Sing feature that was announced earlier this week. We thought we'd check out the new karaoke feature to see how it works.
Subscribe to the MacRumors YouTube channel for more videos. Apple Music Sing is available on modern iPhones and iPads, as well as the newest Apple TV 4K. It's built in to the Apple...
Apple is aiming to launch an Apple-branded consumer-oriented vehicle by 2026, and its goal is to hit a price point under $100,000 to make the car appeal to a wider range of customers, reports Bloomberg.
Apple initially planned to design a car that might look similar to Canoo's Lifestyle Vehicle, where passengers could face one another in a limousine-style car with no steering wheel or...
iOS 16.2 is expected to be released next week following nearly two months of beta testing. With last-minute additions like Apple Music Sing and Advanced Data Protection, the software update now has over a dozen new features for the iPhone.
Below, we've recapped many of the new features coming with iOS 16.2, including Apple's new whiteboard app Freeform, two new Lock Screen widgets, the...
Tuesday December 6, 2022 7:09 am PST by
Sami FathiApple today announced Apple Music Sing, a new feature in Apple Music that lets users sing their favorite songs with adjustable vocals and more.
Apple Music Sing will utilize Apple Music's real-time lyrics to allow users to sing to their favorite songs using adjustable vocals, background vocals, and duet view to allow more than one singer.Apple Music Sing includes:
Adjustable vocals: Users...
Twitter plans to charge $11 per month for a Twitter Blue subscription on the iPhone in order to account for the 30 percent cut that Apple takes from in-app purchases, reports The Information. On the web, Twitter Blue will be priced at $7 per month.
Prior to when Twitter Blue was paused, Twitter was charging $7.99 for a subscription, but the pricing will change before it relaunches. According ...
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security.
iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more,...
Top Rated Comments
Apple can do a better job of letting us know when an OS is actually no longer supported.
[TABLE]
[TR]
[TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.[/TD]
[/TR]
[/TABLE]
So, it was back ported to Big Sur, but I dunno about Catalina or others.