Microsoft specialists have discovered a serious vulnerability in the macOS operating system that allows attackers to bypass the Transparency, Consent, and Control (TCC) protection system and gain unauthorized access to users' confidential data.
G. Ostrov
Security researchers from Microsoft have discovered a critical vulnerability in the macOS operating system that could seriously threaten Apple users' privacy. The vulnerability allows attackers to bypass the important TCC protection system and gain access to personal data without the user's knowledge.
What is the TCC Protection System
Transparency, Consent, and Control (TCC) is a key security system in macOS that controls application access to users' confidential data. The TCC system is responsible for displaying permission request dialogs when applications attempt to access the camera, microphone, contacts, calendar, photos, and other personal data.
Through TCC, users can control which applications have access to their personal information, which is an important privacy element in the Apple ecosystem.
Details of the Discovered Vulnerability
The vulnerability discovered by the Microsoft Security Response Center team allows malicious applications to completely bypass TCC checks. Attackers can exploit this flaw to gain access to:
- Contacts and address book
- Calendar and reminders
- Photos and videos
- Microphone and camera
- Documents and files
- Browser history and bookmarks
The distinctive feature of this vulnerability is that it allows access to data without displaying standard permission request dialogs, making the attack practically invisible to the user.
Technical Side of the Problem
The vulnerability is related to improper handling of certain system calls in macOS. Attackers can use specially crafted applications that exploit flaws in the TCC architecture to gain elevated privileges.
The problem affects several versions of macOS and could potentially be used in both local attacks and through malicious applications distributed via the internet.
Apple's Response and Security Measures
Microsoft responsibly reported the discovered vulnerability to the Apple team following coordinated vulnerability disclosure principles. Apple confirmed receipt of the information and is working on fixing the problem.
Apple plans to release a security update soon that will close the discovered gap. Until the patch is released, users are advised to be particularly careful when installing new applications, especially from unknown sources.
Recommendations for Users
Until the official fix is released, macOS users are recommended to:
- Install applications only from the Mac App Store or from trusted developers
- Regularly check application permissions in system settings
- Avoid running suspicious files and applications
- Monitor security updates from Apple
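The permission check recommended above can also be scripted. The following is an added example, not code from Microsoft, Apple, or the article: it lists granted TCC permissions for the data categories named earlier and reports any client that is not on an expected list. The table layout (a column subset of the `access` table in recent macOS TCC databases), the bundle identifiers, and the helper names are assumptions, and the sample rows are constructed.

```python
import sqlite3

# Assumption: column subset of the TCC "access" table on recent macOS releases.
SCHEMA = """CREATE TABLE access (
    service TEXT NOT NULL, client TEXT NOT NULL, client_type INTEGER NOT NULL,
    auth_value INTEGER NOT NULL, last_modified INTEGER NOT NULL,
    PRIMARY KEY (service, client, client_type))"""

# TCC service names for the data categories listed in the article.
SENSITIVE = {
    "kTCCServiceAddressBook": "Contacts",
    "kTCCServiceCalendar": "Calendar",
    "kTCCServiceReminders": "Reminders",
    "kTCCServicePhotos": "Photos",
    "kTCCServiceMicrophone": "Microphone",
    "kTCCServiceCamera": "Camera",
}
AUTH = {0: "denied", 2: "allowed", 3: "limited"}


def audit_grants(conn, expected_clients):
    """Return (category, client, state) for every allowed or limited grant
    on a sensitive service whose client is not in expected_clients."""
    rows = conn.execute(
        "SELECT service, client, auth_value FROM access "
        "WHERE auth_value IN (2, 3) ORDER BY service, client")
    return [(SENSITIVE[service], client, AUTH[auth_value])
            for service, client, auth_value in rows
            if service in SENSITIVE and client not in expected_clients]


def build_sample_db():
    """Constructed in-memory sample; bundle identifiers are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?, ?)", [
        ("kTCCServiceCamera", "com.example.videochat", 0, 2, 1700000000),
        ("kTCCServiceMicrophone", "com.example.videochat", 0, 2, 1700000000),
        ("kTCCServiceAddressBook", "com.example.unknown-tool", 0, 2, 1700000500),
        ("kTCCServicePhotos", "com.example.editor", 0, 3, 1700000600),
        ("kTCCServiceCalendar", "com.example.unknown-tool", 0, 0, 1700000700),
    ])
    return conn


if __name__ == "__main__":
    expected = {"com.example.videochat"}  # apps the user knowingly approved
    for category, client, state in audit_grants(build_sample_db(), expected):
        print(f"{category}: {client} ({state})")
```

On a real Mac the same function can be pointed at a read-only copy of the per-user database, `~/Library/Application Support/com.apple.TCC/TCC.db`, which requires Full Disk Access for the process reading it.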
This incident emphasizes the importance of cooperation between major technology companies in cybersecurity and shows that even the most protected systems can have vulnerabilities.
More information about macOS security can be found on the official Apple website.