Vulnerability in macOS Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/vulnerability-in-macos/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Mon, 31 Jan 2022 23:17:07 +0000 en-US hourly 1 https://wordpress.org/?v=64879 200474804 Apple paid $100,000 for macOS camera and microphone hack https://gridinsoft.com/blogs/apple-paid-for-macos-camera-and-microphone-hack/ https://gridinsoft.com/blogs/apple-paid-for-macos-camera-and-microphone-hack/#respond Mon, 31 Jan 2022 23:17:07 +0000 https://gridinsoft.com/blogs/?p=7012 Information security researcher Ryan Pickren told how he received a large reward from Apple for hacking the camera and microphone in macOS. He also discovered vulnerabilities in Safari and macOS that could be used to hack into a user’s online accounts. Back in 2020, Ryan Pickren received a $75,000 bug bounty from Apple because he… Continue reading Apple paid $100,000 for macOS camera and microphone hack

The post Apple paid $100,000 for macOS camera and microphone hack appeared first on Gridinsoft Blog.

]]>
Information security researcher Ryan Pickren told how he received a large reward from Apple for hacking the camera and microphone in macOS. He also discovered vulnerabilities in Safari and macOS that could be used to hack into a user’s online accounts.

Back in 2020, Ryan Pickren received a $75,000 bug bounty from Apple because he found several vulnerabilities in Safari at once that could be used to access someone else’s camera and microphone (on devices running iOS and macOS). To exploit those bugs, it was necessary to trick the user into visiting a malicious site.

After receiving the award, the expert continued his research in this area and last year identified another chain of exploits related to iCloud Sharing and Safari 15, the use of which could have even more nasty consequences. As Pickren now reveals on his blog, the new attack combines four vulnerabilities, two of which have been given CVE IDs: CVE-2021-30861 and CVE-2021-30975. Two more bugs were recognized as “design” flaws, and not full-fledged vulnerabilities.

To exploit the new chain of bugs, it was necessary to lure the victim to a malicious site and force them to click on the “Open” button there. If the exploit was successful, the attacker gained access not only to the victim’s webcam and microphone, but also to all accounts on all sites that the victim had ever visited using Safari (including, for example, Gmail, iCloud, Facebook and PayPal).

macOS camera and microphone

The exploit chain included a UXSS vulnerability in Safari, abuse of iCloud’s default sharing feature (ShareBear), and bypassing Gatekeeper.

Essentially, through ShareBear, the victim allows an attacker to inject a file into his system, which can be later executed without user interaction. And even if the original file was not malicious, then the attacker can change its content and extension.Ryan Pickren says.

The fact is that when ShareBear is used to share files, the user needs to click on the “Open” button only once. Such a file can then be run remotely at any time without re-permissions.

The researcher writes that the problems were found in the summer of 2021, but Apple managed to finally eliminate them only recently, in January 2022. As a result, Pikren “earned” $100,500 from these bugs, receiving a large reward as part of the bug bounty program.

Let me remind you that recently MI also wrote that Zerodium offers up to $400,000 for exploits for Microsoft Outlook.

The post Apple paid $100,000 for macOS camera and microphone hack appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/apple-paid-for-macos-camera-and-microphone-hack/feed/ 0 7012
Vulnerability in macOS Leads to Data Leakage https://gridinsoft.com/blogs/vulnerability-in-macos-leads-to-data-leakage/ https://gridinsoft.com/blogs/vulnerability-in-macos-leads-to-data-leakage/#respond Tue, 11 Jan 2022 22:08:46 +0000 https://gridinsoft.com/blogs/?p=6871 Microsoft said that attackers could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology and gain access to protected user data. Back in the summer of 2021, a research group informed Apple developers about a vulnerability dubbed powerdir (CVE-2021-30970). The bug is related to the TCC technology, which is designed to block… Continue reading Vulnerability in macOS Leads to Data Leakage

The post Vulnerability in macOS Leads to Data Leakage appeared first on Gridinsoft Blog.

]]>
Microsoft said that attackers could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology and gain access to protected user data.

Back in the summer of 2021, a research group informed Apple developers about a vulnerability dubbed powerdir (CVE-2021-30970). The bug is related to the TCC technology, which is designed to block applications from accessing sensitive user data. This allows macOS users to customize privacy settings for apps and devices connected to their Macs, including cameras and microphones.

While Apple has restricted access to TCC (only for apps with full disk access) and configured features to automatically block unauthorized code execution, Microsoft researchers have found that attackers could inject a second custom-built TCC database into the system, allowing them to gain access to a secure information.

The point is that TCC supports two types of databases – one for permissions that apply to a specific user profile, and the other for permissions that apply globally, system-wide, protected by System Integrity Protection (SIP), and are only available for applications with full disk access.

We found that it was possible to programmatically change the target user’s home directory and inject a fake TCC database that stores the history of consent for application requests. If this vulnerability is exploited, an attacker, in theory, can launch an attack based on the user’s protected personal data. For example, an attacker can hack an application installed on a device (or install his own malicious application), gaining access to a microphone to record private conversations or take screenshots of sensitive information displayed on the screen.say the experts.

In fact, a user with full disk access can find the TCC.db file, which is a SQLITE database, view it, and even edit it. Thus, an attacker with full access to the TCC databases can grant arbitrary permissions to his malicious applications, which the user will not even know about.

Apple fixed this issue in December 2021 with the release of macOS 11.6 and 12.1.

CVE-2021-30970 is the third TCC bypass issue. Earlier in 2021, Apple fixed bugs CVE-2020-9934 and CVE-2020-27937, as well as the zero-day vulnerability CVE-2021-30713, which also allowed an attacker to gain full access to the disk, record data from the screen, and perform other actions without explicit user consent.

Let me remind you that we wrote that Vulnerability in WebKit engine could redirect iOS and macOS users to scam sites, and also that Spy method NoReboot allows simulating iPhone shutdown and prying through the camera.

The post Vulnerability in macOS Leads to Data Leakage appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/vulnerability-in-macos-leads-to-data-leakage/feed/ 0 6871