Microsoft has highlighted security vulnerabilities in Apple MacOS which can harm user data by providing access to hackers into transparency, approval, and control (TCC) in OS.
In accordance with Microsoft, the vulnerability of “Powerdir” was reported to Apple through disclosure of coordinated vulnerability (CVD) through Microsoft security vulnerability research (MSVR).
As a result, Apple also released improvements for vulnerabilities, referred to as CVE-2021-30970, as part of the security update released on December 13, 2021.
Meanwhile, Microsoft has urged MacOS users to apply this security settings as soon as possible.
Transparency, approval, and control technology or TCC are Apple subsystems introduced in 2012 in MacOS Mountain Lion.
TCC technology is intended to prevent applications from accessing users’ personal information without their previous consent and knowledge.
The settings related to TCC can be found under system preferences in MacOS (System Preferences> Security & Privacy> Privacy): With the help of TCC, users can configure their MacBook privacy settings such as camera or microphone settings.
Apple also installs the size of security for TCC that prevents unauthorized code execution and also enforces a policy that allows TCC access to limited to applications with full disk access, adding reports.
“We find that it is possible to change the home directory of target users and plan false TCC databases, which have a history of approval from application requests.
If exploited on the system that has not been seen, this vulnerability can allow evil actors to potentially regulate attacks based on user-protected personal data.
For example, the attacker can hijack the application installed on the device – or install their own malicious application – and access the microphone to record private conversations or capture sensitive information screenshot displayed on the user’s screen.
“, Microsoft said in a blog post.