Microsoft discovers powerdir vulnerability (CVE-2021-30970) in macOS
The Microsoft 365 Defender research team recently published a blog about the powerdir vulnerability in macOS.
The vulnerability number is CVE-2021-30970. Of course, since Microsoft has disclosed this vulnerability, it means that the vulnerability has been fixed. Apple has recently released an update to address this issue, so Microsoft also reminds macOS users to download the latest update to fix this flaw.
An attacker could exploit CVE-2021-30970 vulnerability to bypass the operating system’s Transparency, Consent, and Control (TCC) security framework, which is effectively a privacy preference, allowing attackers to access protected data. Apple will release a new update to fix the vulnerability on December 31, 2021, so Microsoft details the vulnerability.
TCC technology was introduced by Apple in 2012, and its essence is to protect access such as cameras, microphones, location, calendar, or iCloud accounts. In theory, third-party software cannot access these protected data without user authorization. Microsoft researchers tried to use a fake TCC database to make the system think that the relevant permissions have been granted, so an attacker can successfully bypass the protection and gain access to sensitive data.
Including but not limited to monitoring the user’s screen, calling the microphone and camera for recording, accessing the user’s location and other account information, etc., so from the perspective of privacy, the harm of this vulnerability is still very high.
It’s worth noting that this isn’t the first time TCC has had a bug. “This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them,” Jonathan Bar Or of Microsoft 365 Defender Research Team said.
