-->
Home IFTTT Macworld.com Microsoft warns of macOS ‘powerdir’ bug that could expose private data

Microsoft warns of macOS ‘powerdir’ bug that could expose private data

Nazif Nani
Just At Home
Wednesday, January 12, 2022

Apple encourages users to install OS updates as soon as possible because they fix bugs and more importantly, patch security holes. Microsoft just outlined one of the bugs fixed in Monterey 12.1, and it’s a doozy.

The vulnerability dubbed “powerdir” could let someone bypass macOS’s Transparency, Consent, and Control (TCC) security framework and hijack access to a user’s protected data. TCC is a part of macOS that allows users to configure the Mac’s privacy settings, and Microsoft discovered a way to “programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests.” This would allow an attacker to install a malicious app or take over an installed app, and then be able to take screenshots or record audio from a microphone while the computer is in use.

It’s typical for a third-party company or developer to release the details of a bug or security hole they discovered after Apple has provided a fix. Microsoft provides more details on how the powerdir hole works.

Powerdir was cataloged as CVE-2021-30970 in the CVE database, and is identified as one of the security patches in macOS Monterey 12.1 and macOS Big Sur 11.6.2, which were released by Apple on December 13. Here is Apple’s description of the patch:

TCC

  • Available for: macOS Monterey
  • Impact: A malicious application may be able to bypass Privacy preferences
  • Description: A logic issue was addressed with improved state management.
  • CVE-2021-30970: Jonathan Bar Or of Microsoft

How to update to macOS Monterey 12.1

The update is free and you need to be connected to the internet. The installation will take several minutes (plan on about 30 minutes) and your Mac needs to restart. Here are the steps to do the installation:

  1. Go to System Preferences in the Apple menu
  2. Click on Software Update.
  3. Your Mac will check to see if the update is available. when it is, an Install button will appear. Click it and your Mac will start downloading the update. After that, it will start the installation.


from Macworld.com https://ift.tt/3tj5yuH
via IFTTT

Nazif Nani Wednesday, January 12, 2022 Tags: IFTTT, Macworld.com

LihatTutupKomentar