{"id":25348,"date":"2024-10-18T09:10:08","date_gmt":"2024-10-18T17:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/10\/18\/news-19078\/"},"modified":"2024-10-18T09:10:08","modified_gmt":"2024-10-18T17:10:08","slug":"news-19078","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/10\/18\/news-19078\/","title":{"rendered":"Unauthorized data access vulnerability in macOS is detailed by Microsoft"},"content":{"rendered":"\n<p>The Microsoft Threat Intelligence team <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/10\/17\/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">disclosed details<\/a> about a macOS vulnerability, dubbed &#8220;HM Surf,&#8221; that could allow an attacker to gain access to the user\u2019s data in Safari. The data the attacker could access without users\u2019 consent includes browsed pages, along with the device\u2019s camera, microphone, and location.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2024-44133\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-44133<\/a>, was fixed in the <a href=\"https:\/\/support.apple.com\/en-us\/121238\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">September 16 update<\/a> for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).<\/p>\n<p>It is important to note that this vulnerability would only impact Mobile Device Management (MDM) managed devices. 
MDM managed devices are typically subject to centralized management and security policies set by the organization&#8217;s IT department.<\/p>\n<p>Microsoft has dubbed the flaw \u201cHM Surf.\u201d By exploiting this vulnerability, an attacker could bypass the macOS Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user\u2019s protected data.<\/p>\n<p>Users may notice Safari\u2019s TCC in action when they browse a website that requires access to the camera or the microphone. They may see a prompt like this one:<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"484\" height=\"595\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Safari_TCC_prompt.jpg\" alt=\"\" class=\"wp-image-119189\" \/><figcaption class=\"wp-element-caption\">Image courtesy of Microsoft<\/figcaption><\/figure>\n<p>What Microsoft discovered was that Safari maintains its own separate TCC policy, which it stores in various local files.<\/p>\n<p>At that point, Microsoft figured out it was possible to modify the sensitive files by swapping the home directory of the current user back and forth. The home directory is protected by TCC, but by changing the home directory, then changing the file, and then making it the home directory again, an attacker can make Safari use the modified files.<\/p>\n<p>The exploit only works on Safari because third-party browsers such as Google Chrome, Mozilla Firefox, or Microsoft Edge do not have the same private entitlements as Apple applications. Therefore, those apps can\u2019t bypass the macOS TCC checks.<\/p>\n<p>Microsoft noted that it observed suspicious activity in the wild associated with the Adload adware that might be exploiting this vulnerability. 
But it could not be entirely sure whether the exact same exploit was used.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cSince we weren\u2019t able to observe the steps taken leading to the activity, we can\u2019t fully determine if the Adload campaign is exploiting the HM surf vulnerability itself. Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique.\u201d<\/p>\n<\/blockquote>\n<p>We encourage macOS users to apply these security updates as soon as possible if they haven\u2019t already.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/microsoft-reveals-details-about-hm-surf-vulnerability-in-macos\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Microsoft disclosed details about the HM Surf vulnerability that  could allow an attacker to gain access to the user\u2019s data in Safari 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,32039,32040,10403,32,10543,20989],"class_list":["post-25348","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2024-44133","tag-hm-surf","tag-macos","tag-news","tag-safari","tag-tcc"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25348"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25348\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25348"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}