MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
macos
Search

Microsoft warns of macOS ‘powerdir’ bug that could expose private data

Wednesday January 12, 2022. 05:45 PM , from Mac 911
Apple encourages users to install OS updates as soon as possible because they fix bugs and more importantly, patch security holes. Microsoft just outlined one of the bugs fixed in Monterey 12.1, and it’s a doozy.

The vulnerability dubbed “powerdir” could let someone bypass macOS’s Transparency, Consent, and Control (TCC) security framework and hijack access to a user’s protected data. TCC is a part of macOS that allows users to configure the Mac’s privacy settings, and Microsoft discovered a way to “programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests.” This would allow an attacker to install a malicious app or take over an installed app, and then be able to take screenshots or record audio from a microphone while the computer is in use.

It’s typical for a third-party company or developer to release the details of a bug or security hole they discovered after Apple has provided a fix. Microsoft provides more details on how the powerdir hole works.

Powerdir was cataloged as CVE-2021-30970 in the CVE database, and is identified as one of the security patches in macOS Monterey 12.1 and macOS Big Sur 11.6.2, which were released by Apple on December 13. Here is Apple’s description of the patch:

TCC

Available for: macOS MontereyImpact: A malicious application may be able to bypass Privacy preferencesDescription: A logic issue was addressed with improved state management.CVE-2021-30970: Jonathan Bar Or of MicrosoftHow to update to macOS

The update is free and you need to be connected to the internet. The installation will take several minutes (plan on about 30 minutes) and your Mac needs to restart. Here are the steps to do the installation:

Go to System Preferences in the Apple menuClick on Software Update.Your Mac will check to see if the update is available. when it is, an Install button will appear. Click it and your Mac will start downloading the update. After that, it will start the installation.
https://www.macworld.com/article/581766/macos-vulnerability-powerdir-security-update.html
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Thu 28 - 16:29 CET