Microsoft has warned that malicious actors could obtain unauthorized access to protected macOS user data by exploiting the powerdir vulnerability, tracked as CVE-2021-30970, which evades Transparency, Consent, and Control (TCC) technology, according to BleepingComputer.
Researchers said threat actors could still plant another TCC database to access protected user information, even though Apple has already limited TCC access to apps with full disk access and prevented unauthorized code execution.
"We discovered that it is possible to programmatically change a target user's home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data," said Microsoft Principal Security Researcher Jonathan Bar Or.
The vulnerability, which has already been patched in security updates issued last month, comes after three other TCC bypasses since 2020.
"This shows that even as macOS or other operating systems and applications become more hardened with each release, software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them," Bar Or said.