Jump to content
  • Critical Vulnerabilities Found in macOS Privacy Protections

    aum

    • 403 views
    • 2 minutes
     Share


    • 403 views
    • 2 minutes

    Even though the TCC can prevent encryption during a ransomware attack, it still has some flaws that hackers can exploit

     

    Wojciech Ragula from SecureRing and Csaba Fitzl from Offensive Security, revealed at a Black Hat USA briefing two days ago that applications allowed to run on macOS can override permissions granted by the operating system or the user, according to Dark Reading. 

     

    Several security holes and bad configurations allowed them to evade Apple's TCC privacy scheme. Bypassing security permissions can lead to a variety of privacy risks, including accessing system files, taking screenshots, and collecting information from the contact book.

     

    However, while the vulnerabilities themselves are not remotely exploitable, attackers can use them to bypass system protections on sensitive data. For the exploit to happen, bad actors need to convince the user to run malicious code. Regula explained that while Apple takes a considerable amount of time, in some cases as long as six months, to investigate and fix bugs, the company maintains its commitment to rewarding such issues.

     

    It's not the first time Apple's macOS has been affected by malware-related privacy issues


    In May, Apple took action to address three bugs in tvOS and macOS that had previously allowed malware (known as XCSSET) to take screenshots and collect Safari browser cookies without user consent. Another way to circumvent Apple's operating system privacy permissions is to ask the user to grant permission through a dialog box.

     

    The good news is that TCC is still strong enough to prevent system file encryption during a ransomware attack after a TCC bypass, since privacy-protected files are read and write protected, according to SecuRing's Wojciech Regula. SIP (System Integrity Protection), the basis for TCC, restricts user access to various folders even if they have administrator capabilities. In order to get access to features or programs that have the capability to change TCC permissions, the researchers used multiple approaches, methods that can also be used by skilled hackers.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...