1. Forum
  2. tqw
  3. TQW GENTECH

  • Microsoft claims it found a major macOS security bug that could p

    From TechnologyDaily@1337:1/100 to All on Monday, October 21, 2024 10:30:05
    Microsoft claims it found a major macOS security bug that could put all your data at risk

    Date:
    Mon, 21 Oct 2024 09:14:08 +0000

    Description:
    The company claims to have found evidence of in-the-wild abuse.

    FULL STORY ======================================================================

    Microsoft security researchers have uncovered a vulnerability in the macOS operating system that could allow threat actors to gain access to sensitive data stored on the device.

    The company detailed its findings in a blog post , which claimed the flaw bypasses the operating systems Transparency, Consent, and Control (TCC) technology, and it was dubbed HM Surf.

    The bug is now tracked as CVE-2024-44133. It has a severity score of 5.5 (medium), and was fixed in mid-September 2024. What about Chrome, or Firefox?

    Microsoft explained that the vulnerability removes TCC protection for the Safari browser directory, and allows for the modification of a configuration file in that directory. As a result, the malicious actor gains access to user data, such as browsed pages, the camera, microphone, location, and more - all without user consent.

    While the bug being patched is definitely good news, there is a caveat. As explained in the article, only Safari uses the new protections afforded by
    the TCC, at the moment. That means other browsers, such as Chrome, or
    Firefox, do not have the same private entitlements as Apple applications, so they cant work around the TCC checks. In other words, once a user approves
    TCC checks, the app is the one maintaining access to the privacy database.

    Microsoft is currently collaborating with other major browser vendors to investigate the benefits of hardening local configuration files, the company explained.

    Apple users are encouraged to apply the security update as soon as possible, since Microsoft claims to have found a possible case of in-the-wild abuse:

    Behavior monitoring protections in Microsoft Defender for Endpoint has detected activity associated with Adload, a prevalent macOS threat family, potentially exploiting this vulnerability, it concluded. More from TechRadar Pro Google hails move to Rust for huge drop in memory vulnerabilities Here's
    a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-claims-it-found-a-major-macos -security-bug-that-could-put-all-your-data-at-risk


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)