We’ve always known that updating to the latest operating systems was more than just testing the new features that Apple developers have implemented. Improvements and correction of errors are always included, which sometimes seem to be just paperwork, but we know well that this is not the case. In fact, the latest updates to macOS Big Sur and macOS Monterey included a series of improvements and they avoided exposure to a new macOS vulnerability.
Microsoft has reported that a new vulnerability in macOS that ‘could allow an attacker to circumvent the technology of transparency, consent and control (TCC) of the operating system ». Apple fixed this vulnerability last month as part of the macOS Big Sur and macOS Monterey updates. So, oddly enough, Microsoft is encouraging all users to install the latest versions of the aforementioned operating systems.
Apple released the new update for this vulnerability with the release of macOS Monterey 12.1 and macOS Big Sur 11.6.2 on December 13. At the time, Apple simply explained that an app could have been able to bypass privacy preferences. For this reason and as a solution to the problem, updates were released in order to solve the vulnerability.
Now, Microsoft has published through a detailed note on the blog that the problem is exactly and the solution provided. Written by the Microsoft 365 Defender research team, the blog post explains what TCC is. A technology that prevents applications access personal information of users without their consent and prior knowledge.
Given this, if a malicious person gains full disk access to the TCC databases, they could edit it to grant arbitrary permissions to any application of their choice. Including its own malicious application. Nor would the affected user be asked to allow or deny such permissions. That will allow lThe application runs with settings that you may not have known or consented to.