macOS HM Surf vuln might already be under exploit by major malware family

October 21, 2024 at 09:40AM

Microsoft warns macOS users to update systems due to a vulnerability (CVE-2024-44133) in Safari that could allow malware to exploit privacy settings. Attackers may access cameras, microphones, and user locations. The bug breaches Apple’s Transparency, Consent, and Control protections, which Microsoft is actively working to address.

### Meeting Takeaways Summary:

1. **Vulnerability Disclosure**: Microsoft has identified a privacy-threatening vulnerability in macOS, tracked as CVE-2024-44133 (CVSS 5.5), which affects Safari and may be exploited by Adloader malware.

2. **User Impact**: Successful exploitation could allow attackers to:
   - Take photos via the device camera.
   - Record audio through the microphone.
   - Access the user’s location.
   - Access sensitive user data (e.g., address book).

3. **TCC Protections**: The vulnerability targets Apple’s Transparency, Consent, and Control (TCC) protections, which manage application access to device features through user approvals.

4. **Exploit Methodology**: Jonathan Bar Or detailed how the exploit—dubbed “HM Surf”—modifies Safari’s configuration files to bypass TCC protections, enabling unauthorized access to sensitive features.

5. **Safety Measures**: Microsoft has developed and implemented new detection strategies to monitor suspicious activity related to this vulnerability.

6. **Apple’s Response**: Apple is expected to implement new APIs to enhance its System Integrity Policy (SIP) to prevent configuration file modifications, thus addressing the vulnerability.

7. **Browser Security Developments**:
   - Other browsers like Firefox and Chromium have not yet fully adopted necessary security measures, but work is ongoing, especially by Chromium to address core issues through os_crypt.
   - Microsoft’s Defender is being optimized to detect harmful modifications in Safari’s directory.

8. **Recommendation for Users**: macOS users are urged to update their systems to the latest macOS Sequoia updates to mitigate the vulnerability.
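
The detection idea in items 4 and 7 (flagging changes to Safari's configuration files made by something other than Safari) can be sketched as follows. This is an added example, not Microsoft's or Apple's code; the `~/Library/Safari` location, the event schema, the allow-list and the sample events are assumptions constructed for illustration.

```python
import json
import posixpath

# Assumption: Safari's per-user configuration lives under ~/Library/Safari.
SAFARI_SUBDIR = ("Library", "Safari")
# Assumption: baseline of processes expected to write there (path match only;
# a production sensor should compare code-signing identity instead).
ALLOWED_WRITERS = {"/Applications/Safari.app/Contents/MacOS/Safari"}
WRITE_OPS = {"create", "write", "rename", "unlink"}

# Constructed sample events in a hypothetical one-JSON-object-per-line schema.
SAMPLE_EVENTS = """\
{"ts": "2024-10-21T09:40:01Z", "op": "write", "proc": "/Applications/Safari.app/Contents/MacOS/Safari", "path": "/Users/alice/Library/Safari/Example.plist"}
{"ts": "2024-10-21T09:41:12Z", "op": "write", "proc": "/private/tmp/updater", "path": "/Users/alice/Library/Safari/Example.plist"}
{"ts": "2024-10-21T09:41:13Z", "op": "rename", "proc": "/private/tmp/updater", "path": "/private/tmp/staged.db", "dest": "/Users/alice/Library/Safari/../Safari/Example.db"}
{"ts": "2024-10-21T09:41:20Z", "op": "open", "proc": "/usr/local/bin/indexer", "path": "/Users/alice/Library/Safari/Example.plist"}
{"ts": "2024-10-21T09:42:00Z", "op": "write", "proc": "/private/tmp/updater", "path": "/Users/alice/Library/SafariFake/Example.plist"}
not-json
"""

def in_safari_dir(path):
    """True if path, after normalisation, is ~/Library/Safari or below it."""
    parts = posixpath.normpath(path).split("/")
    # Expected shape: ['', 'Users', '<name>', 'Library', 'Safari', ...]
    return (len(parts) >= 5 and parts[:2] == ["", "Users"]
            and tuple(parts[3:5]) == SAFARI_SUBDIR)

def suspicious_events(lines):
    """Return write-type events on the Safari directory from unlisted processes."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the scan
        if not isinstance(ev, dict) or ev.get("op") not in WRITE_OPS:
            continue
        # A rename can move a file into the directory, so check both ends.
        targets = [p for p in (ev.get("path"), ev.get("dest")) if isinstance(p, str)]
        if ev.get("proc") not in ALLOWED_WRITERS and any(map(in_safari_dir, targets)):
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in suspicious_events(SAMPLE_EVENTS.splitlines()):
        print(ev["ts"], ev["op"], ev["proc"], "->", ev.get("dest", ev["path"]))
```

Only the two events from the unlisted process that land inside the Safari directory are reported; the read-only access, the look-alike directory and the malformed line are ignored.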
