Microsoft published a blog post yesterday detailing a new macOS Monterey security vulnerability that was discovered by Jonathan Bar Or, a senior security researcher at the Redmond company. The flaw, dubbed "powerdir", was present in the OS's Transparency, Consent, and Control (TCC) technology. It could be exploited by threat actors to gain unauthorized access to user data.
Microsoft uncovered a new macOS vulnerability, “powerdir,” that could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data.
The macOS TCC is essentially a user data privacy and protection management technology that helps to control an app's access to user data. Hence, no one in their right mind would want a hacker to gain control over it.
While the details about this discovery were published yesterday, Microsoft had already alerted Apple about its findings earlier. The Cupertino giant has fixed the issue in its December 2021 macOS Monterey 12.1 update under the assigned ID "CVE-2021-30970". The changelog for this bug fix reads:
TCC
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2021-30970: Jonathan Bar Or of Microsoft
There are also several other security fixes in this release, many of them for TCC as well. The macOS Monterey 12.1 update also brings many new features that you can read about here.
Source: Microsoft