Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Update your Mac now to fix vulnerability that gives full access to spying apps

Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof the TCC and plant malware or hijack another app on the computer.

macOS Monterey powerdir vulnerability screenshot.
Image used with permission by copyright holder

Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.

According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.

By doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Microsoft was even cheekily able to give Teams mic and camera access. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021.

The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.

Fortunately, Microsoft again notified Apple of the vulnerability, and it was patched last month. Microsoft is urging macOS users to ensure that their version of MacOS Monterey is updated with the latest patch. The company also took time to promote its own Defender for Endpoint enterprise security solution, which was able to prevent those exploits even before Apple patched them.

There have been previous TCC exploits, including one that utilizes Apple’s built in Time Machine utility, that have since been patched as well. It’s always highly advised to keep all of your devices updated with the latest patches to prevent possible exploits like this. Feel free to read the details of Microsoft’s TCC exploits on their security blog post.

Editors' Recommendations

David Matthews
Former Digital Trends Contributor
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
Stop using these default Mac apps — trust me
A person using a MacBook Air connected to two monitors.

Apple makes a huge variety of its own Mac apps, and some of them are among the best Mac apps you can get. The problem is that while many of them are pretty excellent, that’s not the case for every last one -- some are middling while others are worth avoiding altogether.

Whatever the case, you might be looking for an alternative to Apple’s built-in Mac apps. Here, we’ve catalogued the apps we think you should replace first, and suggested which third-party apps you should swap them out for. That should bring you more features and an all-around better Mac experience.
Calculator (use PCalc instead)
The PCalc app in macOS Sonoma Digital Trends

Read more
Here are 5 macOS 15 features that I can’t wait to see
Apple CEO Tim Cook walks off stage after speaking during the Apple Worldwide Developers Conference.

Apple’s Worldwide Developers Conference (WWDC) is less than a month away, meaning it’ won't be long before we find out exactly what sort of updates are coming to macOS 15. It’s always an exciting time for Mac users, as we get to find out what Apple is doing to tune up its operating systems and improve the Mac experience for all of us.

By this stage, we’ve already seen a bunch of intriguing leaks hinting at what’s coming in macOS 15. There are a few things I really want Apple to fix, as well as plenty of cool features heading our way if the rumors prove to be correct.

Read more
The 6 key things Apple must fix in the next version of macOS
Craig Federighi introducing macOS Sonoma at Apple's Worldwide Developers Conference (WWDC) in June 2023.

I use macOS every day, and there’s no doubt that I love it as an operating system. Yet, despite how full of genuinely brilliant features it is, there are still a handful of things I just wish it did better.

Luckily, Apple’s Worldwide Developers Conference (WWDC) is just a month away, which means there’s not long until we see what kind of software improvements Apple has in store for us. I’ve been thinking hard about what kind of changes I’d like to see happen, from Siri to Stage Manager and everything in-between. Here are the key areas I think Apple needs to fix in macOS 15.
Hey Siri, meet AI
Even when I ask Siri for the WWDC date, it can't give me a straight answer. Digital Trends

Read more