Powerdir-exploit-macOs


This morning, Microsoft’s 365 Defender research team released details of a new macOS “Powerdir”  vulnerability that allows an attacker to bypass transparency, consent, and control technology to gain unauthorized access to protected data. 

Apple has already fixed vulnerability CVE-2021-30970  in the macOS Monterey 12.1 Update released in December, so users who have upgraded to the latest version of Monterey are protected. Those who haven’t should update. Apple in its Security Release Notes for Update 12.1  confirmed the vulnerability of TCC  and attributed its discovery to Microsoft.


According to Microsoft, the “Powerdir” security vulnerability could allow the installation of a fake TCC database. 

TCC is a long-lasting macOS feature that allows users to configure the privacy settings of their apps, and with the fake database, an attacker could hijack an app installed on a Mac or install their own malicious app by gaining access to the microphone and the camera to obtain confidential information. 

Microsoft has a detailed description of how the vulnerability works, and the company says  its security researchers continue to “monitor the threat landscape” for new vulnerabilities and attack techniques affecting macOS and other non-Windows devices.

“Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them,” wrote Microsoft’s security team.