October 18, 2024 at 02:36AM
Microsoft revealed a security flaw in Apple’s TCC framework affecting macOS, tracked as CVE-2024-44133, allowing unauthorized access to user data via Safari. Patched in macOS Sequoia 15, it highlights vulnerabilities that could expose sensitive information. Users are urged to update to enhance security against potential exploitation.
### Meeting Takeaways – October 18, 2024
**Topic:** Security Vulnerability in Apple’s macOS Transparency, Consent, and Control (TCC) Framework
1. **Vulnerability Disclosure:**
   - Microsoft has identified and disclosed a security flaw in Apple’s TCC framework, codenamed **HM Surf** (CVE-2024-44133).
   - This vulnerability has been patched in **macOS Sequoia 15**.
2. **Nature of the Vulnerability:**
   - HM Surf allows attackers to bypass user privacy preferences, obtaining unauthorized access to sensitive user data (browsed pages, camera, microphone, location) via modification of Safari’s configuration files.
   - This exploit affects Apple’s Safari browser only; third-party browsers are not vulnerable due to differing entitlements.
3. **Mechanism of Attack:**
   - The attack can involve changing a user’s home directory using the **dscl utility**, modifying sensitive files within the **~/Library/Safari** directory, then reverting the home directory and launching Safari to exploit permitted access.
4. **Risks Identified:**
   - Microsoft noted suspicious activity related to the macOS adware threat **AdLoad** possibly leveraging this vulnerability, emphasizing the need for immediate updates to protect users.
5. **Protection Measures:**
   - New protections have been implemented specifically for Safari, and Microsoft is collaborating with other browser vendors to enhance local configuration file security.
   - Users are urged to apply the latest macOS updates to mitigate risks from this and potentially similar vulnerabilities.
6. **Related Information:**
   - Previous vulnerabilities identified by Microsoft in macOS include **Shrootless, powerdir, Achilles,** and **Migraine**, which similarly allowed security bypassing.
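
Detection logic for the sequence in item 3 (Mechanism of Attack), added here as an example and not taken from Microsoft's or Apple's material: it correlates a `dscl` home-directory change, writes under the redirected `Library/Safari` directory, a second home-directory change, and a Safari launch. The event tuple format, the 600-second window, matching on the `NFSHomeDirectory` attribute, and every sample line (including the file name) are assumptions constructed for the example.

```python
import shlex

WINDOW = 600  # seconds from first home change to Safari launch (assumed value)

# Constructed telemetry, not real logs: (epoch_seconds, kind, detail)
SAMPLE_EVENTS = [
    (100, "exec", "/usr/bin/dscl . -change /Users/alice NFSHomeDirectory /Users/alice /private/tmp/h"),
    (104, "write", "/private/tmp/h/Library/Safari/constructed-prefs.db"),
    (109, "exec", "/usr/bin/dscl . -change /Users/alice NFSHomeDirectory /private/tmp/h /Users/alice"),
    (115, "exec", "/Applications/Safari.app/Contents/MacOS/Safari"),
    (900, "exec", "/usr/bin/dscl . -read /Users/bob NFSHomeDirectory"),
    (905, "write", "/Users/bob/Library/Safari/constructed-prefs.db"),
    (910, "exec", "/Applications/Safari.app/Contents/MacOS/Safari"),
]

def home_change(cmdline):
    """Return (user_record, new_home) when cmdline is dscl rewriting a home directory."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "dscl" or "NFSHomeDirectory" not in argv:
        return None
    if not any(a.lstrip("-") in ("change", "create") for a in argv[1:]):
        return None  # read-only queries are ignored
    i = argv.index("NFSHomeDirectory")
    return argv[i - 1], argv[-1]

def detect(events):
    """Correlate: home change -> write under <new home>/Library/Safari -> home change -> Safari."""
    open_, armed, alerts = {}, [], []
    for ts, kind, detail in sorted(events):
        change = home_change(detail) if kind == "exec" else None
        if change:
            record, new_home = change
            prior = open_.pop(record, None)
            if prior and prior["writes"]:
                armed.append(prior)  # home moved again after Safari files were touched
            elif prior is None:
                open_[record] = {"record": record, "start": ts, "writes": [],
                                 "prefix": new_home.rstrip("/") + "/Library/Safari/"}
        elif kind == "write":
            for state in open_.values():
                if detail.startswith(state["prefix"]):
                    state["writes"].append(detail)
        elif kind == "exec" and detail.endswith("/Safari"):
            alerts += [s for s in armed if ts - s["start"] <= WINDOW]
            armed = []
    return alerts
```

On the constructed events, only the `alice` sequence alerts; the `bob` lines (a read-only `dscl` query and a write inside the user's real home) do not.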
### Action Items:
- Encourage users to immediately update to macOS Sequoia 15.
- Monitor ongoing developments regarding browser security enhancements and user privacy protections.