We are so used to Microsoft being warned of Windows vulnerabilities by other companies, it is easy to forget Microsoft itself is a leader in cybersecurity. This week, the company is warning of a “powerdir” vulnerability found in Apple’s macOS. Yes, even Apple’s secure platform gets caught out sometimes.
Microsoft describes Powerdir as a flaw that could allow threat actors to access a Mac device and take personal data. Apple has reacted quickly to the disclosure and is already rolling out a patch for this problem.
As always, the best advice is to download the security patch. You can see details on the relevant fix on Apple’s patch notes.
Apple gave Microsoft credit for discovering the flaw, and now that a fix is available Microsoft is discussing the issue publicly. In a blog post, Microsoft Security describes powerdir as a vulnerability that would “allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data.”
Microsoft gets plenty technical breaking down the flaw, but the crux is it is an issue in TCC.
TCC was a feature brought to macOS back in 2012 and it allows users to configure their privacy settings across applications. For example, access for location, microphone, camera, and iCloud account.
Apple uses software the stop unauthorized code execution in TCC, also enforcing a policy to stop access to the feature if an app does not have full disk access. Microsoft Security found it could change the target user home directory and create a fake TCC database.
This new fake location would store all consents given to apps. If a threat actor exploits the vulnerability, they could access personal data.
Tip of the day: With many reachable wireless access points popping up and disappearing again, the available networks list can become quite annoying. If needed you can use the allowed and blocked filter list of Windows to block certain WiFi networks or all unknown WiFi networks.