Microsoft researchers have identified a significant vulnerability in macOS that could allow attackers to gain unauthorized access to sensitive user data. The flaw, discovered in the Transparency, Consent, and Control (TCC) technology, affects the Safari browser and could potentially expose personal information, including location and camera access. A patch addressing this vulnerability has been available since September 16, 2024, as part of Apple’s latest security updates for macOS Sequoia.
TCC is designed to safeguard users’ personal information by requiring applications to obtain permission before accessing sensitive services. While most apps follow this protocol, Apple’s own applications, including Safari, are granted certain entitlements that allow them broader access. Normally, Safari prompts users with a permission popup when trying to use features like the microphone or camera. However, researchers found that attackers could bypass these protections by altering configuration files associated with the Safari directory.
By exploiting this vulnerability, known internally by Microsoft as “HM Surf,” malicious actors can stealthily access sensitive data. For instance, they might open a minimized Safari window to avoid detection while capturing camera images or tracking a device’s location. Microsoft has already detected attempts to exploit this flaw using malware from the Adload family, which can identify the macOS version, obtain user IDs, and launch secondary attacks.
In light of these findings, Microsoft has strongly urged macOS users to install the latest security updates immediately.
Apple has implemented additional protections to prevent external modifications to configuration files, effectively resolving the vulnerability class. Furthermore, Microsoft is collaborating with other major browser vendors to integrate similar protections, aiming to bolster user security across platforms.
Cybersecurity experts emphasize the urgency of applying the patch, as attackers often act quickly to exploit known vulnerabilities. macOS users should act now to safeguard against potential threats.