Microsoft details macOS vulnerability that allowed protected data access

Microsoft has released details of the "Powerdir" vulnerability that allowed an attacker to access protected data on a Mac, prior to the December macOS Monterey patches.

Published on Monday, the blog post by the Microsoft 365 Defender Research Team explains the details behind the Powerdir vulnerability. The flaw could allow attackers to "bypass the operating system's Transparency, Consent and Control (TCC) technology", giving them access to protected user data.

TCC was introduced by Apple to macOS Mountain Lion in April 2012, and is designed to help users configure privacy settings for apps. For example, it would enable or deny access to onboard cameras and microphones, a user's calendar, or an iCloud account.

As a means to protect TCC, Apple also included a feature to prevent unauthorized code execution, as well as adding a policy restricting access to TCC only to apps with full disk access.

In its lengthy explanation, Microsoft says it managed to work out how to change a user's home directory to plant a fake TCC database. An attacker could then use the planted database to attack elements that TCC would normally protect.

This could involve an attacker taking over an app already installed on the Mac, or installing one of their own, and in turn accessing the user's data. It could also feasibly be used to gain access to a connected camera or mic, to actively spy on the user.

Microsoft responsibly disclosed the discovery to Apple, which led to the creation of a fix. Apple patched the vulnerability as part of its update to macOS 12.1 on December 13.

It is unclear exactly how severe the vulnerability is, but a reading suggests the risk is reasonably low for most users. Changing the home directory would normally require local access, or pairing with some mechanism that grants enough control for it to work remotely, and exploitation is prevented for anyone who regularly updates their Mac anyway.

How to protect yourself

As macOS Monterey 12.1 is protected from the issue, the simple answer is to update macOS to the latest version. Apple also released an update at the same time for macOS Big Sur 11.6.2, so older Macs that don't support Monterey can be protected from the problem.

It is generally good practice to update all Macs to the latest supported operating system update, as soon as possible after its release.
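
For anyone checking more than one Mac, the script below is an added example, not code from Microsoft, Apple or this article. It classifies a macOS version string against the two patch levels named above (12.1 and 11.6.2). The function name and status words are hypothetical, and treating releases after Monterey as patched is an assumption.

```shell
#!/bin/sh
# Added example (not from the article). Function name and status words are
# hypothetical; the patch levels 12.1 and 11.6.2 are the ones the article names.

# powerdir_status VERSION  ->  prints patched | unpatched | unknown
powerdir_status() {
    ver=$1
    # Accept only dotted digits such as 12.1 or 11.6.2.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    # Split on dots; a missing component counts as 0 (11.6 means 11.6.0).
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -ge 13 ]; then
        # Assumption: releases after Monterey include the fix.
        echo patched
    elif [ "$major" -eq 12 ]; then
        if [ "$minor" -ge 1 ]; then echo patched; else echo unpatched; fi
    elif [ "$major" -eq 11 ]; then
        if [ "$minor" -gt 6 ]; then
            echo patched
        elif [ "$minor" -eq 6 ] && [ "$patch" -ge 2 ]; then
            echo patched
        else
            echo unpatched
        fi
    else
        # The article names no fixed build for releases before Big Sur.
        echo unknown
    fi
}

# On a Mac, classify the local machine; on other systems this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(powerdir_status "$v")"
fi
```

An "unknown" result means the article gives no patch level for that release, not that the machine is safe.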



11 Comments

rob53 13 Years · 3314 comments

And we’re congratulating the largest vendor of malware for what reason? 

aatb 14 Years · 11 comments

rob53 said:
And we’re congratulating the largest vendor of malware for what reason? 

Following the notification process correctly and helping MacOS be more secure?  

rob53 13 Years · 3314 comments

aatb said:
rob53 said:
And we’re congratulating the largest vendor of malware for what reason? 
Following the notification process correctly and helping MacOS be more secure?  

Vulnerability had to do with software Microsoft didn’t like so they tried to work around it. When they discovered how to attack it, one employee had the ethics to tell Apple about it. Microsoft doesn’t do anything that isn’t of value to them. They spent decades not patching their software because they felt there wasn’t an alternative. Now they have a good income stream from Mac users so they’re trying to keep it.

5 posts??

cpsro 14 Years · 3239 comments

rob53 said:
And we’re congratulating the largest vendor of malware for what reason? 

For educating every malware maker about how to target macOS. It wasn't enough that the vulnerability was patched.

wood1208 10 Years · 2939 comments

Microsoft must keep its mouth shut when the OS vulnerability is concerned. Individuals and businesses have lost so much in money, time, productivity and frustration because of Windows vulnerability exploited by many people creating and installing viruses for decades. Microsoft helped create Windows anti-virus software industry. Another burden on Windows customers to buy and keep paying upgrading.