BleepingComputer cybersecurity experts: Threat actors exploit the CVE-2021-20038 to execute code as the 'nobody' user in compromised appliances.
Microsoft: MacOS Monterey suffers the “powerdir” flaw. The vulnerability CVE-2021-30970 allows to bypass the TTC, gaining access to a user’s data. Update your systems ASAP!
MacOS Monterey has a new vulnerability, dubbed “powerdir”. It has been denounced by Microsoft cybersecurity experts. It could allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user’s protected data. Researchers discovered that it is possible to programmatically change a target user’s home directory and plant a fake TCC database, which stores the consent history of app requests. If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user’s protected personal data. Apple released a fix for the flaw, identified as CVE-2021-30970, as part of security updates released on December 13, 2021. Update your system ASAP!