New macOS Vulnerability Allows Attackers to Bypass Security Controls
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
A recently discovered vulnerability in macOS, dubbed “HM Surf,” allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, gaining unauthorized access to a user’s protected data.
This vulnerability, identified as CVE-2024-44133, was uncovered by Microsoft Threat Intelligence and has since been addressed by Apple in the latest security updates for macOS Sequoia, released on September 16, 2024.
The HM Surf vulnerability involves removing TCC protection for the Safari browser directory and modifying a configuration file within that directory.
This allows attackers to access sensitive user data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent.
Microsoft shared its findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).
Currently, only Safari uses the new protections provided by TCC, and Microsoft is collaborating with other major browser vendors to investigate the benefits of hardening local configuration files.
macOS Vulnerability Allows Attackers to Bypass Controls
Behavior monitoring protections in Microsoft Defender for Endpoint have detected activity associated with Adload, a prevalent macOS threat family, potentially exploiting this vulnerability.
Attackers could use this technique to gather sensitive information, such as browsing history, and gain unauthorized access to the device’s camera, microphone, and location.
An exploit for HM Surf involves changing the home directory of the current user, modifying sensitive files under the user’s real home directory, and running Safari to open a webpage that takes a camera snapshot and traces the device location.

Attackers could perform stealthy actions, such as hosting the snapshot privately, saving an entire camera stream, recording and streaming microphone audio, and starting Safari in a small window to avoid drawing attention.

Microsoft encourages macOS users to apply the security updates released by Apple as soon as possible. Microsoft Defender for Endpoint can detect and block CVE-2024-44133 exploitation, including anomalous modification of the Preferences file through HM Surf or other methods.
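To illustrate the kind of behavioral detection described above, the following added example (not code from Microsoft, Apple, or the original article) correlates the three stages of the chain in endpoint telemetry: a home directory change, a write into the Safari directory by a process other than Safari, and a Safari launch. The event schema, the 300-second window, the `/Users/<user>/Library/Safari/` layout, and all sample names are assumptions made for the example.

```python
import posixpath
from dataclasses import dataclass

WINDOW = 300                 # seconds; assumed correlation window
SAFARI_WRITERS = {"Safari"}  # assumed: only Safari should write its own data

@dataclass
class Event:                 # constructed schema, not a real EDR format
    ts: int                  # seconds since start of capture
    kind: str                # "home_change" | "file_write" | "proc_start"
    user: str
    process: str
    path: str = ""           # file written (file_write events only)

def safari_dir(user):
    # Safari data directory under the user's real home (assumed layout)
    return f"/Users/{user}/Library/Safari/"

def detect(events):
    """Alert on each non-Safari write into the Safari directory, raising
    severity when the other two stages of the chain surround it."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for w in events:
        if w.kind != "file_write" or w.process in SAFARI_WRITERS:
            continue
        if not posixpath.normpath(w.path).startswith(safari_dir(w.user)):
            continue
        near = [e for e in events
                if e.user == w.user and abs(e.ts - w.ts) <= WINDOW]
        home_changed = any(e.kind == "home_change" and e.ts <= w.ts for e in near)
        safari_after = any(e.kind == "proc_start" and e.process == "Safari"
                           and e.ts >= w.ts for e in near)
        alerts.append({"user": w.user, "writer": w.process, "path": w.path,
                       "home_changed_before": home_changed,
                       "safari_started_after": safari_after,
                       "severity": ("low", "medium", "high")[home_changed + safari_after]})
    return alerts

# Constructed sample telemetry (names and file paths are placeholders).
SAMPLE = [
    Event(10, "file_write", "bob", "Safari", "/Users/bob/Library/Safari/EXAMPLE_CONFIG"),
    Event(100, "home_change", "alice", "helper"),
    Event(130, "file_write", "alice", "helper", "/Users/alice/Library/Safari/EXAMPLE_CONFIG"),
    Event(160, "proc_start", "alice", "Safari"),
    Event(900, "file_write", "carol", "sync-tool", "/Users/carol/Library/Safari/EXAMPLE_CONFIG"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A lone write by an unexpected process is reported at low severity so it can be triaged against known backup or sync tools, while the full three-stage sequence is reported as high.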
Continuous research on vulnerabilities in security technologies like TCC is crucial to ensure user data is protected from unauthorized access.
Software vendors must work quickly to discover and address vulnerabilities before malicious actors can exploit them. Microsoft Defender for Endpoint uses advanced behavioral analytics and machine learning to detect anomalous activities on devices, providing an additional layer of protection.
As cross-platform threats continue to increase, a coordinated response to vulnerability discoveries and threat intelligence sharing will help strengthen protection technologies that secure users’ computing experience across all platforms and devices.