Visible to the public "Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data"Conflict Detection Enabled

Microsoft has disclosed a vulnerability found in Apple's macOS that could allow an attacker to gain unauthorized access to protected user data by circumventing the operating system's Transparency, Consent, and Control (TCC) technology. After the Microsoft Security Vulnerability Research (MSVR) team reported its finding to Apple's product security team on July 15, 2021, the vulnerability dubbed Powerdir was addressed in a rollout of security updates released on December 13, 2021. The TCC technology was designed to help users configure the privacy settings of applications on their devices. To maintain the security of the TCC technology, Apple created a feature that prevents unauthorized code execution and established a policy to limit TCC access only to applications with full disk access. However, the Powerdir flaw would allow attackers to evade this feature and execute an attack on a macOS device. This article continues to discuss the Powerdir flaw and other TCC vulnerabilities that Apple has patched in recent years.

Dark Reading reports "Microsoft: macOS 'Powerdir' Flaw Could Let Attackers Gain Access to User Data"