
Microsoft warns Mac users of a security vulnerability

13.01.2022 05:16 AM
Microsoft is warning Mac users not to upgrade to the latest version of macOS Monterey after it discovered a vulnerability in Apple's Transparency, Consent and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof TCC, plant malware, or take over another application on your computer.

Introduced in 2012 with macOS Mountain Lion, TCC is designed to help control an app's access to things like your camera, microphone, and data.

When an application requests access to protected data, the request is compared against records stored in a private database. If a record exists, the application is granted or denied access based on a flag indicating the level of access, The Verge reported.

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user's previous input.

According to Microsoft, the "powerdir" vulnerability, also known as CVE-2021-30970, has been exploited twice by security researchers. The first "proof of concept" exploit essentially implanted a fake TCC database file and changed the user's home directory.

By doing this, Microsoft was able to change the settings of any app or enable access to the microphone or camera. Microsoft was able to silently give Teams access to the microphone and the camera. Microsoft reported these preliminary results to Apple in July 2021, although the exploit appears to be still working, despite Apple fixing a similar exploit shown at Black Hat 2021.
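The lookup-then-prompt flow and the home-directory dependency described above can be modelled in a few lines. This is an added illustration, not Apple's or Microsoft's code: the schema, class and function names are hypothetical, the databases are in-memory stand-ins, and all sample values are constructed. It also includes a simple defender check that flags accounts whose home directory no longer matches a recorded baseline.

```python
import sqlite3

# Hypothetical, simplified schema; the real TCC database has more columns.
SCHEMA = ("CREATE TABLE IF NOT EXISTS access (service TEXT, client TEXT, "
          "allowed INTEGER, PRIMARY KEY (service, client))")

class ConsentStore:
    """One consent database per home directory (in-memory stand-ins for files)."""
    def __init__(self):
        self.dbs = {}
        self.prompts = 0  # how many times the user was actually asked

    def db_for(self, home):
        if home not in self.dbs:
            self.dbs[home] = sqlite3.connect(":memory:")
            self.dbs[home].execute(SCHEMA)
        return self.dbs[home]

    def request(self, home, service, client, user_answer):
        db = self.db_for(home)
        row = db.execute("SELECT allowed FROM access WHERE service=? AND client=?",
                         (service, client)).fetchone()
        if row is not None:           # record exists: decide from the flag, no prompt
            return bool(row[0])
        self.prompts += 1             # no record: prompt, then remember the answer
        db.execute("INSERT INTO access VALUES (?, ?, ?)",
                   (service, client, int(user_answer)))
        return user_answer

def home_directory_drift(baseline, current):
    """Defender check: users whose home directory differs from the recorded baseline."""
    return sorted(u for u, home in current.items() if baseline.get(u) != home)

def demo():
    store = ConsentStore()
    # Constructed sample values throughout.
    first = store.request("/Users/alice", "microphone", "com.example.app", False)
    second = store.request("/Users/alice", "microphone", "com.example.app", True)
    prompts_real = store.prompts
    # A database at another location already holds an "allowed" record.
    store.db_for("/tmp/other").execute(
        "INSERT INTO access VALUES ('microphone', 'com.example.app', 1)")
    swapped = store.request("/tmp/other", "microphone", "com.example.app", False)
    drift = home_directory_drift({"alice": "/Users/alice"}, {"alice": "/tmp/other"})
    return first, second, prompts_real, swapped, store.prompts, drift
```

In `demo()`, the stored denial is honoured on the second request without a new prompt, while the request resolved against the other location is allowed with the prompt counter unchanged, which is why a changed home directory is worth alerting on.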

The second proof-of-concept exploit came about because a change in the dsimport tool for macOS Monterey broke the first exploit. This new exploit allows an attacker to use code injection to alter a binary called /usr/libexec/configd. This binary is responsible for making system-wide changes, including accessing the TCC database. This allowed Microsoft to silently change the home directory and perform the same type of attack as the first exploit.

Fortunately, Microsoft notified Apple again of the vulnerability, and it was patched last month. Microsoft urges macOS users to make sure their version of macOS Monterey is updated with the latest patch. The company also took the time to promote its Defender for Endpoint enterprise security solution, which was able to prevent these vulnerabilities even before Apple patched them.