Hackers Exploit The Powerdir Flaw For Access To MacOS Data

The Microsoft 365 Defender Research Team has discovered a flaw known as powedir.

The bug, a macOS vulnerability, allows threat actors to gain access to the user’s protected data.

Attackers can do this by bypassing Transparency, Consent, and Control (TCC) technology. TCC was created to block apps from accessing sensitive user data.

The technology achieves this goal by allowing macOS users to configure privacy settings for the apps installed on their systems and devices connected to their Macs.

Apple has restricted TCC access to only apps with full disk access. Apple has also set up features to automatically block unauthorized code execution.

However, Microsoft researchers have shown that attackers can create a second, specially crafted TCC database that allows them to access protected user information.

“If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data,” said Jonathan Bar Or, a principal security researcher at Microsoft.

For more information, read the original story in BleepingComputer.

Hackers Exploit The Powerdir Flaw For Access To MacOS Data

Top Stories

SpaceX shares fall 20% from peak following $60 billion cursor acquisition

Snap unveils first consumer AR glasses priced at more than $2,000

Key U.S. data center law faces expiration with no replacement in sight

Starlink introduces $10 monthly hardware rental fee

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

Meta faces backlash after facial recognition code found in smart glasses app

Related Articles

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

TND News Desk

TND News Desk

Jim Love