Skip to main content
  1. Home
  2. Computing
  3. Trash
  4. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Update your Mac now to fix vulnerability that gives full access to spying apps

Add as a preferred source on Google

Microsoft is warning Mac users to update to the latest version of MacOS Monterey after it found a vulnerability in Apple’s Transparency, Consent, and Control (TCC) feature.

Exploiting this vulnerability could allow malicious actors to spoof the TCC and plant malware or hijack another app on the computer.

macOS Monterey powerdir vulnerability screenshot.
Image used with permission by copyright holder

Introduced in 2012 with MacOS Mountain Lion, TCC is designed to help control an app’s access to things such as the camera, microphone, and data. When an app requests access to protected data, the request is compared to existing stored records in a special database. If the records exist, then the app is denied or approved access based on a flag that denotes the level of access.

Otherwise, a prompt is shown to the user to explicitly grant or deny access. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.

According to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.

By doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Microsoft was even cheekily able to give Teams mic and camera access. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021.

The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. This binary is responsible for making system level configuration changes, including access to the TCC database. This allowed Microsoft to silently change the home directory and execute the same kind of attack as the first exploit.

Fortunately, Microsoft again notified Apple of the vulnerability, and it was patched last month. Microsoft is urging macOS users to ensure that their version of MacOS Monterey is updated with the latest patch. The company also took time to promote its own Defender for Endpoint enterprise security solution, which was able to prevent those exploits even before Apple patched them.

There have been previous TCC exploits, including one that utilizes Apple’s built in Time Machine utility, that have since been patched as well. It’s always highly advised to keep all of your devices updated with the latest patches to prevent possible exploits like this. Feel free to read the details of Microsoft’s TCC exploits on their security blog post.

David Matthews
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
Microsoft wants Windows 11 and your phone to become best friends
Microsoft's latest plans reportedly focus on making the PC and smartphone experience feel seamless.
Windows 11 PC with Android Phone

For years, Phone Link has felt like that one app everyone knows exists but rarely remembers to open. Microsoft apparently wants to change that. According to a report from Windows Central, the company is working on a major overhaul of how smartphones integrate with Windows 11, making phones feel like a native part of the operating system instead of something users access through a separate app.

Phone Link is coming out of hiding

Read more
What are Copilot+ PCs? Everything you need to know
Copilot

Walk through a laptop aisle in 2026 and the Copilot+ PC branding is highlight for most Windows laptops. From Microsoft's own surface to other PC makers like Samsung, HP, and Dell, you can find notebooks that carry this badge to convey that they are AI-ready. At a glance, the name sounds like it refers to a computer with a better version of the Copilot chatbot, which only explains a small part of it.

A Copilot+ PC is a Windows 11 computer that meets Microsoft’s hardware standard for advanced on-device AI features like a compatible processor with a dedicated NPU. You also need a certain amount of RAM and storage, all of which brings access to Windows features such as Recall, Click to Do, and much more. Many of these experiences use the NPU to process information locally, reducing their reliance on cloud servers and helping them run more efficiently in the background.

Read more
ASUS expands its ProArt lineup with a compact keyboard and a smart creator mouse
The new ProArt KD300 and MD301 are designed to make life easier for designers, editors, and creators.
ASUS ProArt Keyboard KD300 and ProArt Mouse MD301

Creators have long had plenty of powerful laptops and monitors to choose from. Keyboards and mice? Not so much. ASUS is looking to change that with the expansion of its ProArt accessory lineup. Leading the announcement is the new ProArt Keyboard KD300, a compact low-profile keyboard that's designed to work alongside the ProArt Mouse MD301, giving creators a matching desktop setup built specifically for productivity instead of gaming.

A compact keyboard that doesn't sacrifice functionality

Read more