Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.
According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.
Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.
"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.
Related Stories
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses...
Apple today seeded the first beta of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming just a day after the release of macOS Monterey 12.2.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update mechanism in System...
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today released macOS Monterey 12.3, the third major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.3 comes more than a month after the launch of macOS 12.2, an update that addressed a Safari vulnerability.
The macOS Monterey 12.3 update can be downloaded on all eligible Macs using the Software Update section of System ...
Microsoft has been testing a pre-release Apple silicon version of OneDrive since last year, and now the native version of the app is available for all OneDrive users.
"We're excited to announce that OneDrive sync for macOS will now run natively on Apple silicon. This means that OneDrive will take full advantage of the performance improvements of Apple silicon," Microsoft said in an...
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2.
The macOS Monterey 12.2.1 update can be downloaded on all eligible Macs using the Software Update section of System Preferences.
According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
Thursday January 20, 2022 3:32 am PST by
Sami FathiApple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
Thursday January 13, 2022 5:10 am PST by
Sami FathiApple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reuters reports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by ...
Popular Stories
There's just about a month to go until Apple holds its annual September event focusing on new iPhone and Apple Watch models. We thought we'd take a quick look at everything that's rumored for Apple's September event to give MacRumors readers a rundown on what to expect when the first fall event rolls around.
iPhone 14
The iPhone 14 can probably be described more as an "iPhone 13S" because...
Earlier today, analyst Ming-Chi Kuo claimed iPhone 14 Pro models will be more expensive than iPhone 13 Pro models. Kuo did not reveal exact pricing, but he said that the average selling price of all four iPhone 14 models will increase by about 15% overall.
While higher prices would be disappointing for customers, it is possible the iPhone 14 Pro and iPhone 14 Pro Max will offer increased...
Apple plans to increase the prices of iPhone 14 Pro models compared to iPhone 13 Pro models, according to analyst Ming-Chi Kuo.
Kuo did not reveal exact pricing for the iPhone 14 Pro models. However, in a tweet today, he estimated that the average selling price of the iPhone 14 lineup as a whole will increase by about 15% compared to the iPhone 13 lineup.
In the United States, the iPhone...
Wednesday August 10, 2022 4:08 am PDT by
Sami FathiThe launch of the new iPhone 14 is just a few weeks away, meaning millions of iPhone customers will soon upgrade their existing iPhone or perhaps get an iPhone for the first time. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo Whether upgrading from an older model or this is your first iPhone, we've rounded up a few tips to help you prepare for the next flagship...
Samsung this week launched its fourth-generation foldable devices, the $1,000 Galaxy Z Flip and the $1,800 Galaxy Z Fold. Though there's no sign of a comparable Apple foldable device on the horizon, rumors suggest prototypes are in the works, so we thought we'd take a look at Samsung's newest smartphones to see what Apple needs to measure up to when a foldable iPhone does come out.
Subscribe ...
It wouldn't be the month before an iPhone launch without a few back-and-forth rumors, with the latest debate concerning iPhone 14 Pro storage.
iPhone 14 Pro render by Ian Zelbo While research firm TrendForce forecasted that iPhone 14 Pro models could start with an increased 256GB of storage, Haitong International analyst Jeff Pu today forecasted that the upcoming Pro models will continue to...
Top Rated Comments
Apple can do a better job of letting us know when an OS is actually no longer supported.
[TABLE]
[TR]
[TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.[/TD]
[/TR]
[/TABLE]
So, it was back ported to Big Sur, but I dunno about Catalina or others.