security settings: Why Microsoft has urged Apple users to apply macOS security settings immediately – Times of India

security settings:  Why Microsoft has urged Apple users to apply macOS security settings immediately – Times of India

Microsoft has highlighted a security vulnerability in Apple’s macOS which could compromise user data by giving hackers access to it through bypassing the Transparency, Consent, and Control (TCC) technology in the OS. As per Microsoft, the vulnerability “powerdir” was reported to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Consequently, Apple also released a fix for the vulnerability, referred to as CVE-2021-30970, as part of security updates released on December 13, 2021. Meanwhile, Microsoft has urged macOS users to apply these security settings as soon as possible.
The Transparency, Consent, and Control technology or TCC is a subsystem Apple introduced in 2012 in macOS Mountain Lion. The TCC technology is meant to prevent apps from accessing users’ personal information without their prior consent and knowledge. Settings related to TCC can be found under System Preferences in macOS (System Preferences > Security & Privacy > Privacy):
With the help of TCC, users can configure the privacy settings of their MacBooks like camera or microphone settings or their iCloud account. Apple also installed a security measure for TCC which prevents unauthorised code execution and also enforced a policy that let limited TCC access only to applications with full disk access, adds the report.
“We discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data. For example, the attacker could hijack an app installed on the device—or install their own malicious app—and access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user’s screen.”, said Microsoft in a blog post.



You must be logged in to post a comment Login