Skip to main content
  1. Home
  2. Computing

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Update your Mac now to fix vulnerability that gives full access to spying apps

By

Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof the TCC and plant malware or hijack another app on the computer.

macOS Monterey powerdir vulnerability screenshot.
Image used with permission by copyright holder

Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.

Recommended Videos

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.

According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.

By doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Microsoft was even cheekily able to give Teams mic and camera access. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021.

The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.

Fortunately, Microsoft again notified Apple of the vulnerability, and it was patched last month. Microsoft is urging macOS users to ensure that their version of MacOS Monterey is updated with the latest patch. The company also took time to promote its own Defender for Endpoint enterprise security solution, which was able to prevent those exploits even before Apple patched them.

There have been previous TCC exploits, including one that utilizes Apple’s built in Time Machine utility, that have since been patched as well. It’s always highly advised to keep all of your devices updated with the latest patches to prevent possible exploits like this. Feel free to read the details of Microsoft’s TCC exploits on their security blog post.

Editors' Recommendations

Topics
David Matthews
David Matthews
Former Digital Trends Contributor
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
How to take a screenshot on a Mac
The keyboard and trackpad of the MacBook Pro 14-inch.

For most new Mac users -- especially if they're coming from Windows -- one of the first questions they need to ask is how to take a screenshot on a Mac? There's no dedicated Print Screen key like there is on Windows, but there is keyboard shortcut, and if you want something more akin to Microsoft's Windows Snipping tool, there are some great screenshot apps you can use, too.

Here's how to take a screenshot on a Mac in a few different ways.
How to take a screenshot using keyboard shortcuts
MacOS keyboard shortcuts are the quickest ways to take screenshots, whether you're capturing the entire screen or just a portion. By default, Apple's methods save your screenshot to the desktop, but if you want to copy the screenshot to the clipboard, there's a keyboard shortcut you can use instead.
How to capture a selected area

Read more
I was wrong about using Stage Manager on Mac
Stage manager in macOS Ventura.

Stage Manager is one of those software features that has had a rather bumpy road since Apple launched it in 2022. The unique multitasking feature has landed itself in a heap of criticism over its short lifespan.

I, however, was not one of these critics. I was super excited by Stage Manager and the promise it contained. It was something new and shiny, here to shake up macOS in a fresh and different way. Even after using it myself, I foresaw it fundamentally changing the way I used my Mac.

Read more
How to change the default apps on a Mac
Change your Mac’s default apps in three easy steps
MacOS Catalina Hands-on | Macbook Pro

Apple products come loaded with software designed to work seamlessly with the macOS operating system. For example, Safari is the default software used to load websites, Preview is used to view pictures, and Pages will open documents. But if you're not a fan of the built-in software, Apple doesn't lock you into using it. However, you'll need to know exactly where to look if you want to change the default apps on a Mac.

Thankfully, the process is largely the same whether you're running macOS Sonoma 14, Ventura 13, or other macOS versions. It's also easy to reverse the process and go back to using default apps.

Read more