‘Powerdir’ New macOS Bug Let Hackers Accessed Unauthorized User Data Access

A new macOS vulnerability has been detected recently by the security team of Microsoft that is tracked as “powerdir,” and this vulnerability is identified as CVE-2021-30970.

This security flaw allows any threat actors to bypass one of the crucial technologies of macOS, Transparency, Consent, and Control (TCC).

Evading the Transparency, Consent, and Control (TCC) technology of macOS means gaining unauthorized access to the protected data of macOS users.

Microsoft via MSVR has reported this security flaw to Apple through Coordinated Vulnerability Disclosure (CVD), and after getting notified by the Microsoft’s Security Team, Apple promptly fixed this vulnerability.

On December 13, 2021, Apple released the fix as a part of security updates (macOS Monterey 12.1), and they have strongly recommended users to apply the security updates immediately.

Flaw profile

  • CVE ID: CVE-2021-30970
  • Description: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
  • Assigning CNA: Apple Inc.
  • Base Score: 5.5
  • Severity: MEDIUM

TCC (Transparency, Consent, and Control)

TCC (Transparency, Consent, and Control) is a technology that was initially launched with macOS Mountain Lion by Apple in 2012, and this technology was launched by Apple to help the users to configure their privacy settings for the device’s apps like:-

  • Camera
  • Microphone
  • Location
  • Calendar
  • iCloud account

There are two types of TCC databases, and they are:-

  • User-specific database
  • System-wide database

Exploiting Powerdir

By, exploiting this vulnerability (Powerdir) a fake TCC database can be planted by the attackers, and here at this point, the attackers could exploit the TCC with the fake database to perform several malicious actions.

Here are the malicious actions that could be performed:-

  • Hack an app installed on a Mac.
  • Install their own malicious app.
  • Access the device’s microphone.
  • Access the camera to obtain sensitive and confidential data.

Not only that even to test the powerdir vulnerability the cybersecurity researchers at Microsoft has also made a proof-of-concept exploit.

Along with the fix for the TCC, Apple has also added several other fixes and new features in this new release or security update macOS Monterey 12.1.

Apart from this, Microsoft has affirmed that they are closely and constantly monitoring the ongoing malicious events like this that affect macOS and other non-Windows devices to understand the threat landscape better and counter them efficiently.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.