Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Update your Mac now to fix vulnerability that gives full access to spying apps

Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof the TCC and plant malware or hijack another app on the computer.

macOS Monterey powerdir vulnerability screenshot.
Image used with permission by copyright holder

Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.

Recommended Videos

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.

Please enable Javascript to view this content

According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.

By doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Microsoft was even cheekily able to give Teams mic and camera access. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021.

The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.

Fortunately, Microsoft again notified Apple of the vulnerability, and it was patched last month. Microsoft is urging macOS users to ensure that their version of MacOS Monterey is updated with the latest patch. The company also took time to promote its own Defender for Endpoint enterprise security solution, which was able to prevent those exploits even before Apple patched them.

There have been previous TCC exploits, including one that utilizes Apple’s built in Time Machine utility, that have since been patched as well. It’s always highly advised to keep all of your devices updated with the latest patches to prevent possible exploits like this. Feel free to read the details of Microsoft’s TCC exploits on their security blog post.

David Matthews
Former Digital Trends Contributor
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
I finally tried Apple Intelligence in macOS Sequoia to see if it lived up to the hype
The redeisgned Siri user interface in macOS Sequoia.

For the last few years, Apple’s macOS releases have been interesting, if not particularly exciting. But that’s all set to change this year with the launch of macOS Sequoia, and it’s all thanks to one feature: Apple Intelligence.

Apple’s artificial intelligence (AI) platform has the potential to completely change how you use your Mac on a daily basis. From generating images, rewriting emails, and summarizing your audio recordings to revamping Siri into a much more capable virtual assistant, Apple Intelligence could be the most significant new macOS feature in years.

Read more
You can finally try out Apple Intelligence on your Mac. Here’s how
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

The second developer beta of macOS Sequoia is open for business and it includes Apple Intelligence features. It looks like anyone can try it out as long as you're not in China. That includes people in the EU -- even though the AI features might not launch there right away. The features available for testing include Writing Tools, Siri, Safari and Mail summaries, Smart Replies, Memory Movies, transcription features, Reduce Interruptions Focus Mode, and a few more. If you want to have a look yourself, here's everything you need to do to download the beta and activate Apple Intelligence.

Before you start, make sure you've backed up your Mac with Time Machine so you can restore the previous version if anything goes wrong. You can also use a secondary device if you have another Apple silicon Mac lying around because beta versions can go wrong and you have to download them at your own risk.

Read more
The best Mac apps for 2024: top software for your Mac
The app store open on a MacBook Pro.

One of the best parts about owning a Mac is the massive ecosystem of superb Mac apps it gives you access to. There are apps available to Mac users no matter what you are looking for, whether that's productivity, photo and video editors, security suites, and more. You can get them from Apple's own App Store or from third-party developer websites, and many of the best Mac apps are even free.

Whether you just bought your first Mac or you're a longtime Apple customer, here's a look at some of the best macOS apps you can get.
Best Mac apps to change your interface

Read more