Powerdir vulnerability found within macOS
Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:
DigitalXRAID’s Security Operations Centre analysts have been notified that research analysts from Microsoft have discovered a new vulnerability within macOS, named “powerdir”. So far, it’s understood that this vulnerability could allow threat actors to bypass the system’s Transparency, Consent and Control (TCC) technology, gaining unauthorised access to a user’s protected data.
Read more about the CVE detail: CVE-2021-30970
The CVSS (Common Vulnerability Scoring System) severity score is 5.5.
Introduced in 2012, TCC is designed to help users configure privacy settings on their applications, such as camera and microphone access. To secure TCC, Apple ensured unauthorised code execution was prevented and that TCC was only accessed by applications with full disk access. Researchers found it is possible to plant a fake TCC database by changing a target’s home directory. The TCC database stores the history of consent requests, so a planted copy could allow a threat actor access to protected data, for example the user’s iCloud account, microphone or camera.
This vulnerability affects macOS Monterey and Big Sur and was patched as part of security updates released on December 13, 2021. The issue is fixed in macOS Monterey 12.1 and macOS Big Sur 11.6.2, and it is recommended to ensure these security updates are applied as soon as possible.
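One way to check hosts against the fixed releases named above, as an added example that is not from DigitalXRAID or Microsoft. The function names and the inventory format ("hostname version" per line) are assumptions made for illustration; releases other than Big Sur 11.x and Monterey 12.x are reported as not covered because this advisory gives no fix version for them.

```shell
#!/bin/sh
# Added example: compare macOS versions with the fixed releases in this
# advisory (Monterey 12.1, Big Sur 11.6.2). Function names are hypothetical.

# version_ge A B: succeeds when dotted version A >= B, compared field by
# field as numbers (so 11.6.10 > 11.6.2); missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }' </dev/null
}

# powerdir_status VERSION: prints patched, needs-update, not-covered or invalid.
powerdir_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*) echo "invalid"; return 0 ;;
    esac
    case ${ver%%.*} in
        11) fixed=11.6.2 ;;   # Big Sur fix version from the advisory
        12) fixed=12.1 ;;     # Monterey fix version from the advisory
        *)  echo "not-covered"; return 0 ;;
    esac
    if version_ge "$ver" "$fixed"; then echo "patched"; else echo "needs-update"; fi
}

# audit_inventory: reads "hostname version" lines on stdin and prints every
# host that is not confirmed patched, with the reason.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        status=$(powerdir_status "$ver")
        [ "$status" = "patched" ] || echo "$host $ver $status"
    done
}

# On a Mac, report the local host; sw_vers is absent on other systems.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "local macOS $v: $(powerdir_status "$v")"
fi
```

Feed `audit_inventory` an export from your asset or MDM tooling to list the machines that still need the December 13, 2021 updates.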
Further information can be found on Microsoft’s security blog.
If you believe you’re under attack or discover that you’ve suffered a breach and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.
If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact.