HM Surf: Adware Invades macOS Seamlessly

Man

What would have happened to Apple products if Microsoft hadn't intervened?

Microsoft has discovered and disclosed a vulnerability in Apple's Transparency, Consent, and Control (TCC) framework used in macOS. The vulnerability, codenamed HM Surf and designated CVE-2024-44133, allows bypassing users' privacy settings and accessing their data.

The issue was addressed in the macOS Sequoia 15 update by removing the affected code. The vulnerability could allow attackers to access sensitive data, including visited web pages, and to use the device's camera, microphone, and location without the user's consent. This was achieved by removing the TCC protection for the Safari directory and changing the configuration files.

Microsoft said the vulnerability only affects Safari, and the company is working with other browser manufacturers to harden the protection of local configuration files.

Previously, Microsoft found similar vulnerabilities in macOS, such as Shrootless, powerdir, Achilles, and Migraine, which also allowed security bypasses. In the case of HM Surf, the attack involved changing the user's home directory and modifying sensitive files such as "PerSitePreferences.db", which allowed Safari to use the spoofed data at startup.

Safari has unique privileges that allow it to bypass TCC through the "com.apple.private.tcc.allow" entitlement, but it also uses the Hardened Runtime mechanism, which makes arbitrary code execution difficult. At the same time, as before, when you first request access to the camera or geolocation, the browser displays a pop-up window for confirmation.

Microsoft noted that the vulnerability was potentially exploited in a well-known AdLoad adware distribution campaign. However, due to the lack of complete information about the attack methods, experts could not confirm whether the HM Surf exploit was actually used. Even so, such attacks underscore the importance of keeping your security system up to date.
