Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.
According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.
Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.
"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.
Related Stories
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
Apple today seeded the first beta of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming just a day after the release of macOS Monterey 12.2.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update mechanism in System...
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today released macOS Monterey 12.3, the third major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.3 comes more than a month after the launch of macOS 12.2, an update that addressed a Safari vulnerability.
The macOS Monterey 12.3 update can be downloaded on all eligible Macs using the Software Update section of System ...
Microsoft has been testing a pre-release Apple silicon version of OneDrive since last year, and now the native version of the app is available for all OneDrive users.
"We're excited to announce that OneDrive sync for macOS will now run natively on Apple silicon. This means that OneDrive will take full advantage of the performance improvements of Apple silicon," Microsoft said in an...
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2.
The macOS Monterey 12.2.1 update can be downloaded on all eligible Macs using the Software Update section of System Preferences.
According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
Thursday January 20, 2022 3:32 am PST by
Sami FathiApple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
Thursday January 13, 2022 5:10 am PST by
Sami FathiApple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reuters reports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by ...
Popular Stories
Benchmark testing has indicated that the 256GB variant of the 13-inch MacBook Pro with M2 chip offers slower SSD performance than its M1 equivalent, and now real-world stress testing by YouTuber Max Yuryev of Max Tech suggests that the 256GB SSD in the 13-inch MacBook Pro is also underperforming in day-to day-usage.
The M2 MacBook Pro with 256GB SSD and 8GB RAM was slower than the M1 MacBook ...
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes.
"Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to.
Below, we've put together a list of new features and...
Fifteen years ago to this day, the iPhone, the revolutionary device presented to the world by the late Steve Jobs, officially went on sale.
The first iPhone was announced by Steve Jobs on January 9, 2007, and went on sale on June 29, 2007. "An iPod, a phone, an internet mobile communicator... these are not three separate devices," Jobs famously said. "Today, Apple is going to reinvent the...
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before.
According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes.
The project now supports DRM video playback so that...
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model.
YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
Apple last week launched an updated version of the 13-inch MacBook Pro, and it is the first Mac that is equipped with an updated M2 chip. As it's using a brand new chip, we thought we'd pick up the M2 MacBook Pro and compare it to the prior-generation M1 MacBook Pro to see just what's new.
Subscribe to the MacRumors YouTube channel for more videos. For the video comparison, we're using the...
The Wall Street Journal's Joanna Stern today shared a new documentary about the evolution of the iPhone ahead of the 15th anniversary of the device launching on June 29, 2007. The documentary includes an interview with Apple's marketing chief Greg Joswiak, iPhone co-creator Tony Fadell, and a family of iPhone users.
One segment of the interview reflects on Android smartphones gaining larger...
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more.
"Like the Apple Watch, the iPhone 14 Pro will be...
Top Rated Comments
Apple can do a better job of letting us know when an OS is actually no longer supported.
[TABLE]
[TR]
[TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.[/TD]
[/TR]
[/TABLE]
So, it was back ported to Big Sur, but I dunno about Catalina or others.