Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.
According to Microsoft, the "Powerdir" security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.
Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to "monitor the threat landscape" to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.
"Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," wrote Microsoft's security team.
Popular Stories
Apple today introduced the iPhone 17 Pro and iPhone 17 Pro Max.
Both devices feature a new aluminum unibody design, with the Ceramic Shield now protecting both the front and back sides. Apple says the front side is now Ceramic Shield 2, which offers 3x better scratch resistance, while the rear Ceramic Shield is advertised as 4x more resistant to cracks compared to the back glass on previous...
Apple will be holding its annual iPhone event on Tuesday, September 9, to unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max.
Assuming that Apple sticks to its familiar pattern, the iPhone 17 series should be available to pre-order starting Friday, September 12 at 5 a.m. Pacific Time / 8 a.m. Eastern Time. The release date for the devices should be one week later, on Fr...
Apple's "Awe Dropping" event kicks off today at 10:00 a.m. Pacific Time, where we're expecting to see the iPhone 17 lineup, several updated Apple Watch models, and the third-generation AirPods Pro unveiled, and perhaps some other announcements.
Apple is providing a live video stream on its website, on YouTube, and in the company's TV app across various platforms. We will also be updating...
Apple is preparing to launch two versions of the AirPods Pro 3 over 2025 and 2026, according to a Weibo leaker.
Yesterday, supply chain analyst Ming-Chi Kuo reported that Apple is planning to debut the AirPods Pro 3 this year. They could arrive as soon as this week at Apple's "Awe dropping" event.
Crucially, Kuo added that Apple is planning to introduce a successor to this year's AirPods ...
Apple's iPhone 17 Pro and iPhone 17 Pro Max models will feature a number of significant display, thermal, and battery improvements, according to new late-stage rumors.
According to the Weibo leaker known as "Instant Digital," the iPhone 17 Pro models will feature displays with higher brightness, making it more suitable for use in direct sunlight for prolonged periods. The iPhone 16 Pro and...
Apple today unveiled the iPhone Air, an all-new kind of iPhone featuring an ultra-thin design.
The iPhone Air is just 5.6mm thick, making it the thinnest iPhone ever. The frame is made of titanium with a polished mirror finish. The device features Ceramic Shield 2 with 3x better scratch resistance and 4x better crack resistance, on both sides of the device for the first time. Apple says that ...
