October 23, 2024
A recently patched macOS vulnerability, identified as CVE-2024-44133, may have been exploited in adware attacks. The issue allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain access to user data.
The Vulnerability
The vulnerability, which was addressed in macOS Sequoia 15 in mid-September, affects only MDM-managed devices. Exploitation involves removing TCC protection for the Safari browser directory and modifying a configuration file to gain unauthorized access to user data, including browsing history, camera, microphone, and location.
Impact on Safari
According to Microsoft, which discovered the security defect, only Safari is affected because of its special privileges, known as private entitlements. These entitlements allow Safari to bypass TCC checks for certain services, including access to the address book, camera, and microphone.
TCC Protection
TCC is designed to prevent applications from accessing personal information without user consent and knowledge. However, some Apple applications, like Safari, have private entitlements that may allow them to bypass TCC checks.
Exploitation Method
An attacker could exploit this vulnerability, dubbed HM Surf, to take camera snapshots, record device location, and access the microphone. This can be done by modifying Safari’s configuration files and changing the home directory using the dscl utility.
Adload Adware Campaign
Microsoft has observed activity associated with Adload, a macOS adware family, which can provide attackers with the ability to download and install additional payloads. Adload has been seen harvesting information, adding URLs to the microphone and camera approved lists, and downloading and executing a second-stage script.
Importance of Protection
While it’s unclear if the Adload campaign is directly exploiting the HM Surf vulnerability, the use of similar methods to deploy a prevalent threat highlights the importance of having protection against such attacks.
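A detection sketch for the two steps described under Exploitation Method, a dscl change to a user's home directory and a write into Safari's directory by a process other than Safari. This is an added example, not code from Microsoft or Apple; the JSON event format, the sample events, the allowed-writer list and the 10-minute window are assumptions, and NFSHomeDirectory is the directory-services attribute that stores a user's home path.

```python
import json
import re
from collections import defaultdict

# Constructed telemetry in a hypothetical JSON-lines EDR export (not from the page).
SAMPLE_EVENTS = """\
{"ts": 100, "type": "exec", "proc": "/usr/bin/dscl", "args": [".", "-read", "/Users/alice", "NFSHomeDirectory"]}
{"ts": 130, "type": "exec", "proc": "/usr/bin/dscl", "args": [".", "-change", "/Users/bob", "NFSHomeDirectory", "/Users/bob", "/private/tmp/constructed"]}
{"ts": 150, "type": "write", "proc": "/private/tmp/constructed-helper", "path": "/Users/bob/Library/Safari/constructed.plist"}
{"ts": 160, "type": "write", "proc": "/Applications/Safari.app/Contents/MacOS/Safari", "path": "/Users/alice/Library/Safari/constructed.db"}
{"ts": 9000, "type": "write", "proc": "/usr/local/bin/constructed-sync", "path": "/Users/carol/Library/Safari/constructed.plist"}
"""

HOME_ATTR = "NFSHomeDirectory"   # attribute holding a user's home path
MUTATING_VERBS = {"-change", "-create", "-append", "-merge"}   # dscl verbs that write
USER_RECORD = re.compile(r"^/Users/([^/]+)")
SAFARI_DIR = re.compile(r"^/Users/([^/]+)/Library/Safari/")
# Assumption: processes expected to write Safari's directory; tune for your fleet.
ALLOWED_WRITERS = {"/Applications/Safari.app/Contents/MacOS/Safari"}
WINDOW_SECONDS = 600             # assumption: correlation window

def detect(jsonl):
    """Return {user: {"rules": [...], "severity": ...}} for suspicious activity."""
    hits = defaultdict(list)     # user -> [(timestamp, rule name)]
    for line in filter(str.strip, jsonl.splitlines()):
        ev = json.loads(line)
        if ev["type"] == "exec" and ev["proc"].endswith("/dscl"):
            args = ev["args"]
            # Reads of the attribute are routine; only writes to it are flagged.
            if HOME_ATTR in args and MUTATING_VERBS & set(args):
                users = [m.group(1) for a in args if (m := USER_RECORD.match(a))]
                hits[users[0] if users else "unknown"].append((ev["ts"], "home_dir_changed"))
        elif ev["type"] == "write":
            m = SAFARI_DIR.match(ev["path"])
            if m and ev["proc"] not in ALLOWED_WRITERS:
                hits[m.group(1)].append((ev["ts"], "safari_dir_write"))
    findings = {}
    for user, evs in hits.items():
        changes = [t for t, r in evs if r == "home_dir_changed"]
        writes = [t for t, r in evs if r == "safari_dir_write"]
        # Both steps close together for one user match the sequence described above.
        paired = any(abs(c - w) <= WINDOW_SECONDS for c in changes for w in writes)
        findings[user] = {"rules": sorted({r for _, r in evs}),
                          "severity": "high" if paired else "medium"}
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

A single rule firing alone is rated medium because account-provisioning scripts and sync tools can trigger it legitimately; the pairing for one user inside the window is what raises it to high.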