The Microsoft 365 Defender Research Team reported a vulnerability in Apple’s MacBook Pro model T5 to Apple via the Microsoft Security Vulnerability Research (MSVR) on July 15, 2021. TCC is a security technology designed to allow Apple users to control the privacy settings of the apps installed on their systems and devices connected to their Macs, including cameras and microphones. Apple has assured users that its new TCC will only allow full disk access to apps with set up features to automatically block unauthorized code execution.
Loopholes
Microsoft researchers discovered that cybercriminals could trick a user into clicking on a malicious link to gain access to personal information stored in a TCC database.
Reported TCC bypasses
Apple has also patched other TCC bypasses reported since 2020, including:
Environment variable poisoning Time Machine mounts Bundle conclusion issue
Besides, Apple has fixed the vulnerability in security updates released last month, on December 13, 2021. “A malicious application may be able to bypass Privacy preferences,” as per the security advisory. Apple has dealt with the logic flaw behind the powerdir security flaw bug by developing better state management.
Shrootless
Microsoft today disclosed a security flaw, codenamed Shrootless, that would allow an attacker to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. The company’s researchers also discovered new variants of macOS malware known as UpdateAgent or Vigram, updated with new evasion and persistence tactics. Last year, in June, a security researcher (Redmond) from Tactical Network Solutions revealed critical flaws in a number of NETGEAR router models. Hackers could use the flaws to breach and move laterally within enterprise networks. Have you faced any of these setbacks? Share your thoughts with us in the comment section below.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
