Microsoft Discovered New ‘Powerdir’ macOS Vulnerability, Fixed in 12.1 Update

Spread the love
Microsoft’s 365 Defender Research Team this morning published details on a new “Powerdir” macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.

powerdir exploit microsoft
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the latest version of Monterey are protected. Those who have not done so should update. Apple in its security release notes for the 12.1 update confirmed the TCC vulnerability and credited Microsoft with its discovery.

According to Microsoft, the “Powerdir” security flaw could allow a fake TCC database to be planted. TCC is a long running macOS function that lets users configure the privacy settings of their apps, and with the fake database, a malicious person could hijack an app installed on a Mac or install their own malicious app, accessing the microphone and camera to obtain sensitive info.

Microsoft has a detailed outline of how the vulnerability works, and the company says that its security researchers continue to “monitor the threat landscape” to discover new vulnerabilities and attacker techniques that affect macOS and other non-Windows devices.

“Software vendors like Apple, security researchers, and the larger security community, need to continuously work together to identify and fix vulnerabilities before attackers can take advantage of them,” wrote Microsoft’s security team.

Popular Stories

Your iPhone May Be Sending Message Read Receipts Even If You Turned Them Off

A recurring iOS bug that makes Apple’s Messages app send read receipts despite the setting being disabled appears to be on the upswing again, based on reports from users running iOS 15.
In iOS, with read receipts enabled (Settings -> Messages -> Send Read Receipts), the “Delivered” text that a person sees under an iMessage they have sent you turns to “Read” when you’ve viewed it in the…

Best Apple-Related Accessories at CES 2022

CES 2022 is wrapping up today, and while it was a more muted event because of the ongoing pandemic that saw many exhibitors and attendees cancel, there were still plenty of new product announcements. In our latest YouTube video, we rounded up some of the best Apple-related accessories that we saw this year.
Subscribe to the MacRumors YouTube channel for more videos. Garmin Venu 2 Plus…

Top Stories: iPhone 14 Pro Without Notch, AirPods Pro 2, and More for 2022

Happy New Year 2022! With calendars turning over to the new year, it’s a great opportunity to look ahead at expectations for 2022 and there has been no shortage of rumors on that front already.
This week saw rumors about the iPhone 14 Pro, AirPods Pro 2, the next iPhone SE, and more, while we wrapped up 2021 and kicked off 2022 with the first two episodes of our new podcast, The MacRumors…

WhatsApp Starts Rolling Out Profile Pictures in iOS Message Notifications

WhatsApp is testing a helpful new feature on iOS that displays profile pictures in system notifications when users receive new messages from chats and groups.
Image credit: WABetaInfo First spotted by app specialist WABetaInfo, the first new feature for the platform in 2022 uses APIs in iOS 15 to add the WhatsApp profile images to notifications in top-screen banners and in the Notification…

Peloton Now in Trouble Thanks to Apple Fitness+

Peloton’s business model is in peril due to the growth of Apple Fitness+ and a clash of interests in the digital health space, according to analyst Neil Cybart.
In a thread on Twitter, Cybart explained that despite rapid expansion in recent years, Peloton is now “in a precarious state.” As a business, Peloton has high customer acquisition costs, translating to high product pricing. The…

Samsung Galaxy S22 Lineup Gets First In-Depth Closeup in Unboxing Video

Tech YouTuber Unbox Therapy recently shared a video looking at reputed dummies of Samsung’s forthcoming Galaxy S22 lineup, corroborating earlier leaks that suggest it will again consist of three sizes to compete directly with Apple’s latest devices, the iPhone 13 mini, iPhone 13/Pro, and iPhone 13 Pro Max models.
From right to left: Samsung Galaxy S22, S22 Plus, and S22 Ultra (credit: Unbox …

The iPhone 14 Is Unlikely to Be Portless, Here’s Why

Ever since Apple removed the headphone jack on the iPhone 7 in 2016, rumors have swirled that Apple eventually aims to ditch the Lightning port next for a completely portless design. Indeed, analysts originally predicted that the highest-end ‌‌iPhone‌‌ 13 would offer a “completely wireless experience.” Of course, that didn’t happen, but a portless iPhone 14 in 2022 looks just as unlikely, for the …

Apple Event in Spring 2022? Three New Products We Could See

Apple’s first major product announcements of the year often occur in March or April, so there’s a reasonable chance that trend will continue in 2022. Ahead, we recap some of Apple’s past spring announcements and look ahead to some of the first new Apple products that we might see this year.
Past Spring Announcements
Last year, Apple held an event on April 20 to unveil its AirTag item…

Leaker Says iPhone 14 Pro to Feature Pill-Shaped Camera Cutout With Face ID Under the Display

iPhone 14 Pro models will feature a pill-shaped camera cutout at the top of the display, with the notch removed, according to tweets shared by leaker @dylandkt, who has proven to be a reliable source of Apple-related rumors over the last year or so. To accommodate this change, the leaker said Face ID hardware will be moved under the display.
While it has been widely reported that iPhone 14…

Leave a Reply