Microsoft highlights macOS ‘powerdir’ vulnerability, details dangers

Apple Macbook Pro 2021 DanSource: Daniel Rubino / Windows Central

Though Windows has its own laundry list of vulnerabilities and security issues, macOS isn’t perfect either. Take, for example, the recent “powerdir” vulnerability that left the door open for attackers to gain access to Mac users’ personal data.

Before digging into the nitty-gritty of powerdir, it’s worth noting that Apple’s already patched the vulnerability (and credited Microsoft), so if you haven’t downloaded security updates for a few weeks, you should. You can read the full scoop on macOS updates over at Apple’s patch notes.

Now that the issue’s fixed, Microsoft has taken to its blog to publicly dissect powerdir and give those interested in its inner workings a better understanding of the vulnerability. It had the power to “allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data,” according to the blog.

You’re going to need technical knowledge to understand the bulk of Microsoft’s post on the subject, so either be prepared to Google (or, heh, Bing) a lot or come prepared with knowledge of what a hexadecimal blob is.

Microsoft’s post, beyond just explaining the danger, gives useful examples of the threat posed by powerdir. It shows the vulnerability giving an attacker the ability to enable camera and microphone access in any app, including Microsoft Teams. It also addresses the history of TCC dangers and how powerdir is far from the only one.

We may earn a commission for purchases using our links. Learn more.

Leave a Reply

Your email address will not be published. Required fields are marked *