Microsoft issued a warning about macOS security errors, urging users to update the software immediately

It is designed to prevent applications from accessing users' personal information without their prior knowledge and consent.

This is a high-risk-rated vulnerability that allows an attacker to remotely install spyware on a target's device. Therefore, users are recommended to update the operating system on their devices to the latest software version, in order to minimize any potential risks.

This vulnerability, called 'powerdir' (tracking identifier CVE-2021-30970), was first discovered by the Microsoft Security Vulnerability Research (MSVR) security team, and has been fully notified to Apple. through the Coordinated Vulnerability Disclosure (CVD) mechanism between major technology companies.

Talking about this vulnerability, the representative (MSVR) said:

'We discovered that it is possible to programmatically change the target user's home directory and create a dummy TCC database. This database stores the consent history of application requests. If exploited on unpatched systems, this vulnerability could allow an attacker to orchestrate an attack based on a user's protected personal data.

For example, an attacker could hijack an app installed on the device — or install their own malicious app — and gain access to the microphone to record private conversations, or capture screen shot of sensitive information displayed on the user's screen'.

Apple released a patch for the vulnerability on December 13, 2021. However, not many people are really aware of this issue. That's why Microsoft is urging macOS users to apply the patches as soon as possible.

Micah Soto

Update 13 January 2022