https://safirsoft.com Microsoft security researchers have discovered a macOS exploit that can modify TCC permissions

Why it matters: Microsoft on Monday publicly disclosed a vulnerability in macOS that could be used to access or extract sensitive user information. This breach is facilitated by a flaw in the Transparency, Satisfaction and Control (TCC) framework. The TCC platform is part of macOS that allows users to control which applications can access users' data, files, and components.

The Microsoft 365 Defender research team named the vulnerability (CVE-2021-30970) "powerdir" after the malware developed by Microsoft researcher Jonathan Barber. In July 2021, Microsoft reported a vulnerability to Cupertino. Apple corrected the bug in December with macOS 11.6 and 12.1. “If exploited on unmodified systems, this vulnerability could allow a malicious agent to launch an attack based on privately protected personal data,” he explained. Organize the user.

https://safirsoft.com <b>Microsoft</b> <b>security</b> <b>researchers</b> <b>have</b> <b>discovered</b> a vulnerability in <b>macOS</b> <b>that</b> could get <b>TCC</b> licenses to change. However, <b>TCC</b> also licenses other components, including screen capture, Bluetooth, location services, contacts, photos, and more. </ p> <p> <b>Microsoft</b> creates software specifically for this purpose. Each program <b>can</b> use the same program. The <b>exploit</b> exploit technology requires full disk access to the <b>TCC</b> database, which <b>can</b> be granted through other methods. Once acquired, hackers <b>can</b> arbitrarily set or set access permissions. Powerdir is the third <b>TCC</b> bypass found in recent years. Two more cases (CVE-2020-9934 and CVE-2020-27937) were detected and patched in 2020. Another flaw (CVE-2021-30713) <b>discovered</b> across all Apple operating systems last year allowed attackers to gain arbitrary control over licenses effectively controlled by hackers. It was abused in May before the issue was resolved. </ p></div><br><div class=Tags: microsoft, security, researchers, have, discovered, macos, exploit, can, modify, tcc, permissions


https://safirsoft.com An unmodified Safari form can reveal your browsing history and other metadata

An unmodified Safari form can reveal your browsing history and other metadata

Why it matters: Researchers have discovered a bug in Safari 15 that could allow a website to access your recent browsing history, as well as your Goog...
https://safirsoft.com Microsoft warns of Ukrainian disk cleaner malware

Microsoft warns of Ukrainian disk cleaner malware

Over the weekend, Microsoft issued a warning about malware targeting the government and other organizations in Ukraine that erases data from damaged s...
https://safirsoft.com Crypto.com exchange hacked, but CEO downplayed its severity

Crypto.com exchange hacked, but CEO downplayed its severity

Editor’s Note: Apparently, one of the world’s largest cryptocurrencies has been hit by a security breach with around 4,600 Atrium tokens worth ove...
https://safirsoft.com Custom malware written on Windows, macOS, and Linux detected

Custom malware written on Windows, macOS, and Linux detected

Why it matters: In December 2021, the Intezer security team identified a custom malware written on a Linux web server, a leading educational instituti...
https://safirsoft.com Intel SGX aging affects DRM and Ultra HD Blu-ray support

Intel SGX aging affects DRM and Ultra HD Blu-ray support

Big Picture: Today's technology delivers high-quality videos at the touch of a button. But while streaming is very convenient, factors ranging from su...
https://safirsoft.com Russia says infamous ransomware group shut down REvil

Russia says infamous ransomware group shut down REvil

What happened? The Russian FSB has arrested members of REvil, the ransomware group responsible for numerous cyberattacks across the United States last...