
Microsoft recently revealed information regarding a security vulnerability in Apple’s Transparency, Consent, and Control (TCC) framework within macOS, which has potentially been exploited to bypass user privacy settings and gain unauthorized access to data.

This vulnerability, codenamed HM Surf, is tracked as CVE-2024-44133. Apple addressed the issue in the latest macOS Sequoia 15 update by removing the vulnerable code.

According to Jonathan Bar Or from Microsoft’s Threat Intelligence team, HM Surf “involves lifting the TCC protections for the Safari browser directory and altering a configuration file within that directory, allowing access to user data without consent, including browsing history, and utilizing the device’s camera, microphone, and location capabilities.”

Microsoft said that the new protections apply only to Apple’s Safari browser and that the company is collaborating with other leading browser vendors to investigate further hardening of local configuration files.

HM Surf follows a history of Microsoft uncovering vulnerabilities in Apple’s macOS, such as Shrootless, powerdir, Achilles, and Migraine, all of which could enable attackers to bypass security measures.

The TCC framework is designed to prevent applications from accessing personal user information without permission. However, the recently discovered vulnerability may allow attackers to evade this protection, gaining unauthorized access to services like location tracking, contact lists, as well as camera and microphone functionalities.

Access to these services is governed by a set of entitlements. Certain Apple applications, including Safari, hold the “com.apple.private.tcc.allow” entitlement, which lets them bypass TCC.

While this allows Safari to access sensitive permissions without hindrance, Safari is also protected by a security feature known as Hardened Runtime, which makes it difficult to execute arbitrary code in the context of the browser.

When users first land on a website requesting access to their location or camera, Safari presents a TCC-like prompt seeking permission. These per-website permissions are stored in various files located in the “~/Library/Safari” directory.

The HM Surf exploit described by Microsoft involves multiple steps:

  • Changing the current user’s home directory using the dscl utility, which doesn’t require TCC access in macOS Sonoma
  • Editing sensitive files (like PerSitePreferences.db) located in “~/Library/Safari” within the actual home directory of the user
  • Reverting the home directory to its original state, which causes Safari to use the modified files
  • Launching Safari to open a webpage that can capture images through the device’s camera and access the user’s location
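
A defender-side way to spot the sequence above in endpoint telemetry, as an added example that is not from Microsoft or the original article: it correlates a dscl home-directory change, a write to “~/Library/Safari” by a process other than Safari, and a second home-directory change for the same user. The event fields, the 10-minute window, the allow-list and the sample events are assumptions constructed for illustration; NFSHomeDirectory is the directory-service attribute that holds a user’s home path.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed correlation window
SAFARI_DIR = "/Library/Safari/"  # per-site permission files live here
EXPECTED_WRITERS = {"Safari"}    # assumed allow-list; tune per environment

# Constructed sample telemetry, not real logs. Field names are hypothetical
# and the dscl arguments are elided.
EVENTS = [
    {"ts": "2024-10-18T09:00:00", "user": "alice", "kind": "exec", "proc": "dscl",
     "detail": "dscl . -change /Users/alice NFSHomeDirectory ..."},
    {"ts": "2024-10-18T09:00:05", "user": "alice", "kind": "write", "proc": "python3",
     "detail": "/Users/alice/Library/Safari/PerSitePreferences.db"},
    {"ts": "2024-10-18T09:00:09", "user": "alice", "kind": "exec", "proc": "dscl",
     "detail": "dscl . -change /Users/alice NFSHomeDirectory ..."},
    {"ts": "2024-10-18T09:01:00", "user": "bob", "kind": "write", "proc": "Safari",
     "detail": "/Users/bob/Library/Safari/PerSitePreferences.db"},
    {"ts": "2024-10-18T09:02:00", "user": "carol", "kind": "exec", "proc": "dscl",
     "detail": "dscl . -change /Users/carol NFSHomeDirectory ..."},
]

def is_home_change(ev):
    return ev["kind"] == "exec" and ev["proc"] == "dscl" and "NFSHomeDirectory" in ev["detail"]

def is_foreign_safari_write(ev):
    return (ev["kind"] == "write" and SAFARI_DIR in ev["detail"]
            and ev["proc"] not in EXPECTED_WRITERS)

def detect(events):
    """Alert on: home change -> non-Safari write to Safari data -> home change."""
    alerts, pending = [], {}  # pending: user -> {"start": datetime, "files": [...]}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        st = pending.get(user)
        if st and ts - st["start"] > WINDOW:
            pending.pop(user)  # stale sequence, forget it
            st = None
        if is_home_change(ev):
            if st and st["files"]:
                alerts.append({"user": user, "files": st["files"],
                               "seconds": (ts - st["start"]).total_seconds()})
                del pending[user]
            else:
                pending[user] = {"start": ts, "files": []}
        elif st and is_foreign_safari_write(ev):
            st["files"].append(ev["detail"])
    return alerts
```

On the sample events only alice’s sequence alerts: bob’s write comes from Safari itself, and carol’s home-directory change has no accompanying write to Safari data.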

Furthermore, Microsoft noted that this attack could be extended to record ongoing camera feeds or covertly capture audio via the Mac’s built-in microphone. Other web browsers remain unaffected by this issue as they lack the same private entitlements that Apple’s apps possess.

Microsoft has reported observing suspicious behavior linked to a known macOS adware threat named AdLoad, which might be leveraging this vulnerability, stressing the need for users to ensure they have the latest updates installed.

“While we were unable to trace all the steps leading to this activity, we cannot definitively state whether the AdLoad campaign exploits the HM Surf vulnerability,” Bar Or explained. “The potential use of a similar method by attackers to deploy common threats highlights the critical need for protective measures against such tactics.”
