A MacOS vulnerability called "powerdir" has just been uncovered by cybersecurity researchers from Microsoft, and it could put all of your sensitive private data in danger.
UKRAINE - 2021/06/07: In this photo illustration the macOS Monterey logo on an Apple website seen displayed on a smartphone screen with an Apple logo in the background. Apple has started its Worldwide Developers Conference (WWDC), an information technology conference, where it presented the iOS 15, iPadOS 15, macOS 12 and watchOS 8.
TechRadar reports that the powerdir vulnerability, which has been tracked as CVE-2021-30970, could give hackers access to your private data by bypassing TCC (Transparency, Consent and Control) technology in Apple's desktop OS.
TCC has been in all iterations of MacOS since 20212's Mountain Lion. Initially, its main purpose was to help users fiddle with the privacy settings of specific apps. This is why Mac users can set up privacy settings for apps that use certain tech like cameras, microphones, or GPS.
In addition, TCC is also connected to users' calendars or iCloud accounts-the latter being among the most dangerous due to the potential of having critical data, such as financials.
To protect against the vulnerability, Microsoft is advising MacOS users to download the most recent security updates released last December 13, 2021. That would be Monterey 12.1 to all Mac users out there.
If you want to learn more about the update, you can go to the support website for details.
This news comes after the discovery of the "Shrootless" vulnerability in October of last year. Shrootless gained notoriety for its ability to allow attackers to execute arbitrary code with a similar root-level privilege.
What this basically means is that hackers will get to execute their malicious code on your device without any roadblocks, allowing them to do almost anything they want. However, this vulnerability has already been patched by Apple, as per Ars Technica.
Cyberattacks were among the biggest problems that plagued 2021. Last year even closed with constant news of Log4j attacks, which has actually continued well into 2022.
hacker group
Read Also: Cybersecurity Demands Proactive Design Thinking
Just How Bad Is This New MacOS Vulnerability?
Short answer: pretty bad. The dangers are even more pronounced if you host a lot of critical, private data on your device.
As per the original TechRadar report, powerdir can allow hackers to remotely access these critical files or change important privacy settings. For one, the Microsoft 365 research team demonstrated how somebody can turn on your computer's camera or microphone without you knowing.
People have been developing "Zoom Dysmorphia" due to how they look in the webcam.
When this happens, any bit of information you say could be used against you. You might find yourself talking about important things like your financial situation, your home address, or almost anything else to somebody. This could also be especially dangerous when you're using an app such as Microsoft Teams.
There is also a chance that the hackers would also exploit the vulnerability to take a screenshot of any important information displayed on your screen.
Everybody Is At Risk
If you think you're not in danger of losing much as a private individual, you're mistaken. Cyberattacks can target anyone at any time-not just multi-million/billion-dollar companies. Your personal data in the wrong hands could constitute identity theft, which is not something you want to deal with at this day and age.
Related Article: Journalist Says His iPhone was Hacked After Hacker Simply Sent Him a Text
This article is owned by Tech Times
Written by RJ Pierce
