Bug in powerdir server allows users to bypass macOS login screen


Don has been writing professionally for over 10 years now, but his passion for writing started in grade school. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, …

  • TCC is a security technology that allows Apple users to control the privacy settings of applications installed on their systems and of devices connected to their Macs.
  • With the new TCC, Apple will allow full disk access to applications with configuration features that automatically prevent unauthorized code execution.
  • Finally, Apple was able to correct the vulnerability in security updates released late last year in December.

Microsoft warns that the macOS vulnerability could be used to bypass Apple’s Transparency, Consent, and Control (TCC) technology.

The Microsoft 365 Defender research team reported a vulnerability in Apple’s MacBook Pro model T5 through Microsoft Security Vulnerability Research (MSVR) on July 15, 2021.

TCC is a security technology designed to allow Apple users to control the privacy settings of applications installed on their systems and of devices connected to their Macs, including cameras and microphones.

Apple has assured users that its new TCC will only allow full disk access to applications with configuration features to automatically block the execution of unauthorized code.

Loopholes

Microsoft researchers have found that cybercriminals can trick a user into clicking a malicious link to gain access to personal information stored in a TCC database.

“We have discovered that it is possible to programmatically modify the home directory of a target user and create a fake TCC database, which stores the consent history of application requests,” according to Jonathan Bar, principal security researcher at Microsoft.

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data.

“For example, the attacker could hijack an app installed on the device or install their own malicious app and gain access to the microphone to record private conversations or capture screenshots of sensitive information displayed on the screen of the user’s device.”
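A defender's check for the condition described in the quote above, added here as an example and not code from Microsoft or Apple: it flags accounts whose recorded home directory has moved away from a known-good baseline, and any per-user TCC.db that sits in a home-like layout outside the baseline homes. The function names and the baseline/current maps are assumptions; the caller supplies the maps from its own inventory of account records.

```python
import os
import tempfile
from pathlib import Path

# Per-user TCC database path relative to a home directory on macOS.
TCC_REL = Path("Library/Application Support/com.apple.TCC/TCC.db").parts


def home_changes(baseline, current):
    """Users whose recorded home directory differs from the baseline."""
    return {u: (baseline[u], h) for u, h in current.items()
            if u in baseline and Path(h).resolve() != Path(baseline[u]).resolve()}


def stray_tcc_databases(search_root, baseline):
    """Map acting-home -> TCC.db for databases outside every baseline home."""
    trusted = {Path(h).resolve() for h in baseline.values()}
    strays = {}
    for dirpath, _dirs, files in os.walk(search_root):
        db = Path(dirpath, "TCC.db").resolve()
        if "TCC.db" not in files or db.parts[-len(TCC_REL):] != TCC_REL:
            continue
        acting_home = Path(*db.parts[:-len(TCC_REL)])
        # The system-wide database sits under /Library, so its "home" is the root.
        if acting_home != Path(acting_home.anchor) and acting_home not in trusted:
            strays[str(acting_home)] = str(db)
    return strays


def audit(search_root, baseline, current):
    """Report each moved home record and any TCC.db planted under the new home."""
    strays = stray_tcc_databases(search_root, baseline)
    return [{"user": u, "old_home": old, "new_home": new,
             "planted_tcc_db": strays.get(str(Path(new).resolve()))}
            for u, (old, new) in sorted(home_changes(baseline, current).items())]


if __name__ == "__main__":
    # Constructed sample tree: a real home and a look-alike home with its own TCC.db.
    with tempfile.TemporaryDirectory() as root:
        real, fake = Path(root, "Users/alice"), Path(root, "private/tmp/h")
        for home in (real, fake):
            db = home.joinpath(*TCC_REL)
            db.parent.mkdir(parents=True)
            db.touch()
        for finding in audit(root, {"alice": str(real)}, {"alice": str(fake)}):
            print(finding)
```

A finding with a non-empty `planted_tcc_db` combines both signals from the quote: the home record moved, and a consent database already exists at the new location.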

Reported TCC bypasses

Apple also fixed other TCC bypasses reported since 2020, including:

  • Environment variable poisoning
  • Time Machine mounts
  • Package conclusion problem

Additionally, Apple addressed the vulnerability in security updates released last month, December 13, 2021. “A malicious application may be able to bypass privacy preferences,” according to the security advisory.

Apple addressed the logic flaw behind the powerdir bug by developing better state management.

“During this research, we had to update our proof of concept (POC) exploit because the initial version no longer worked on the latest version of macOS, Monterey,” Jonathan said.

“This shows that while macOS or other operating systems and applications become more and more rugged with each release, software vendors like Apple, security researchers and the security community at large need to work together continuously to identify and remediate vulnerabilities before attackers can take advantage of them.”

Shrootless

Microsoft today revealed a security vulnerability, named Shrootless, that would allow an attacker to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices.

Company researchers also discovered new variants of the macOS malware known as UpdateAgent or Vigram, updated with new evasion and persistence tactics.

Last year in June, a security researcher (Redmond) from Tactical Network Solutions revealed critical flaws in a number of NETGEAR router models. Hackers could use the loopholes to penetrate corporate networks and move laterally within them.

Have you faced any of these setbacks? Share your thoughts with us in the comments section below.
