scorecardresearch
Update your Mac now to fix a vulnerability that lets attackers gain access to your sensitive data

Update your Mac now to fix a vulnerability that lets attackers gain access to your sensitive data

Microsoft has revealed that this macOS vulnerability made it possible for an attacker to programmatically change a target user's home directory and plant a fake TCC database. Here's everything you need to know.

Story highlights
  • Microsoft discovered a macOS vulnerability.
  • Apple has already released the fix for this vulnerability.
  • Users need to download the macOS Monterey12 update immediately.

Microsoft recently discovered a new macOS vulnerability that could allow an attacker to access your sensitive data. The company's Microsoft 365 Defender Research team claims that the new "Powerdir" macOS vulnerability can bypass the operating system's Transparency, Consent, and Control (TCC) tech and gain unauthorized access to users' data.

If you are a Mac user, then you should not panic as Apple has already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update. The update was reportedly released back in December 2021. So, if you have updated your device to the latest version, then you don't need to worry about it. But, those who haven't downloaded the update should do it immediately.

Apple has mentioned in its macOS Monterey12.1 security release notes that the update fixes the TCC vulnerability. The company has also given credit to Microsoft for discovering it. In a blog post, Microsoft revealed that this vulnerability made it possible for an attacker to programmatically change a target user's home directory and plant a fake TCC database.

In case you are wondering, TCC was introduced by Apple back in 2012 to help users configure the privacy settings of their apps, such as access to the device's camera, microphone, or location, as well as access to the user's calendar or iCloud account. But, with the fake database, an attacker might easily be able to install their malicious app or hijack an app to obtain sensitive info.

Microsoft has detailed this security flaw in a blog post and asserted that it will "continue to monitor the threat landscape to discover new vulnerabilities and attacker techniques that could affect macOS and other non-Windows devices."

How to enable important background updates on Mac?

There is a reason why people are asked to use the latest software version on their devices. The tech companies keep releasing security updates that help fix all the bugs or vulnerabilities, which is why it is important to always download and use the latest software version.

For the same reason, Apple lets you enable important background updates on Mac. In order to get background updates promptly, one needs to keep the "Install system data files and security updates" setting enabled in the Software Update preferences. For this, users can go to System Preferences > Software Update, and then click on Advanced.