{"id":393457,"date":"2022-01-12T18:15:20","date_gmt":"2022-01-12T15:15:20","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/update-your-mac-to-avoid-the-powerdir-attack\/"},"modified":"2022-01-12T18:15:20","modified_gmt":"2022-01-12T15:15:20","slug":"update-your-mac-to-avoid-the-powerdir-attack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/update-your-mac-to-avoid-the-powerdir-attack\/","title":{"rendered":"#Update Your Mac to Avoid the \u201cpowerdir\u201d Attack"},"content":{"rendered":"

“#Update Your Mac to Avoid the \u201cpowerdir\u201d Attack”<\/strong><\/p>\n

\n
\"Hacker
ViChizh\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

There\u2019s a vulnerability making the roundS for macOS called \u201cpowerdir\u201d that could lead to unauthorized access, which is precisely what most computer users would like to avoid. App<\/a>le fixed the vulnerability in macOS 11.6 and 12.1, but you need to update your devices to keep yourself safe.<\/p>\n

Interestingly, the vulnerability, which is called CVE-2021-30970, was detailed by the Microsoft\u00a0365 Defender Research Team in an intense\u00a0blog post<\/a>. Microsoft alerted Apple\u00a0through the Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) on July 15, 2021. Apple then fixed<\/a> it on December 13, 2021.<\/p>\n

\u201cMicrosoft security researchers continue to monitor the threat landscape to discover new vulnerabilities and attacker techniques that could affect macOS and other non-Windows devices,\u201d said Microsoft.<\/p>\n

According to Apple\u2019s patch page<\/a>, \u201cA malicious application may be able to bypass Privacy preferences.\u201d To fix it, \u201cA logic issue was addressed with improved state management.\u201d<\/p>\n

The attack is designed to bypass the operating system\u2019s Transparency, Consent, and Control (TCC) technology<\/a>, giving the attacker\u00a0unauthorized access to a user\u2019s protected data. This is far from the first\u00a0TCC vulnerability reported. In fact, the very same patch that fixed the one Microsoft discovered also addressed a few others.<\/p>\n

Based on the technical details Microsoft shared<\/a>, specifically the mention that \u201cit is possible to programmatically change a target user\u2019s home directory and plant a fake TCC database, which stores the consent history of app requests,\u201d this attack must be performed locally. This means you\u2019d have to run specific software on your Mac for them to gain access, or they\u2019d need to actually be sitting in front of your computer.<\/p>\n

According to Microsoft, \u201cUsing this exploit, an attacker could change settings on any application.\u201d Microsoft also said that its exploit \u201callows the modification of settings to grant, for example, any app like Teams, to access the camera, among other services.\u201d<\/p>\n

If you\u2019ve already updated your Mac to the latest versions, you don\u2019t need to worry about this particular vulnerability (that doesn\u2019t mean new attacks won\u2019t pop up). If you\u2019re reluctant to update your Mac for one reason or another, let this major vulnerability serve as a reminder to keep your precious computer updated, as it\u2019s essential for your safety.<\/p>\n<\/div>\n