Microsoft Discovered New ‘Powerdir’ macOS Vulnerability, Fixed in 12.1 Update


This morning, Microsoft’s 365 Defender research team released details of a new macOS “Powerdir” vulnerability that allows attackers to bypass transparency, consent and control technology to gain unauthorized access to secure data.

Apple has already fixed the vulnerability CVE-2021-30970 in the macOS Monterey 12.1 update released in December, to protect users who have been upgraded to the latest version of Monterey. Who should not update. Apple has confirmed the vulnerability of TCC in the security release notes for its Update 12.1 and attributes its discovery to Microsoft.

According to Microsoft, a “powerdeer” security vulnerability could allow the installation of fake TCC databases.

TCC is a long-running macOS feature that allows users to configure the privacy settings of their applications, and with a fake database, an attacker can hijack an application installed on a Mac or install their own malicious application by gaining access to a microphone. Camera to get confidential information.

Microsoft has a detailed description of how vulnerabilities work, and the company says its security researchers continue to “monitor the threat landscape” for new vulnerabilities and attack techniques affecting macOS and other non-Windows devices.

“Software vendors such as Apple, security researchers and the larger security community need to continue to work together to identify vulnerabilities before attackers can take advantage of them,” Microsoft’s security team wrote.

Similar Posts

Leave a Reply

Your email address will not be published.