आइसिटी समाचार
Microsoft has disclosed a vulnerability in macOS that might let an attacker to circumvent the operating system's built-in technology restrictions and get access to users' personal information. The problem, affects the Transparency, Consent, and Control (TCC) system, which has been in place since 2012 to enable users modify privacy settings in their apps.
It might let attackers to take control of an existing program on a Mac machine or install their own app and obtain access to hardware such as the microphone and camera in order to steal user data. The macOS vulnerability might be exploited by circumventing TCC to target users' sensitive data, according to a blog post. The bug was addressed in the macOS Monterey 12.1 update, which was published last month.
For older hardware, it was also solved in the macOS Big Sur 11.6.2 release. However, systems running an older version of macOS are still susceptible. Apple is utilizing TCC to assist customers with configuring privacy settings such as camera, microphone, and location access, as well as services such as calendar and iCloud account. The technology may be accessed in System Preferences' Security & Privacy section. On top of TCC, Apple has implemented a policy that limits access to TCC to only programs with full disk access, with the goal of preventing unauthorised code execution.
According to Microsoft security researcher Jonathan Bar Or, an attacker can modify a target user's home directory and plant a phony TCC database to obtain the consent history of app requests. "If this vulnerability is exploited on unpatched computers, a hostile actor might possibly organize an attack based on the user's protected personal data," the researcher stated. Microsoft researchers also created a proof-of-concept to show how the flaw may be exploited by modifying the privacy settings on any given program.
