

Ethical Hacking News

A Potentially Exploitable Vulnerability in Apple's Safari Browser Raises Concerns about User Privacy


A potentially exploitable vulnerability has been discovered in Apple's Safari browser, which could allow attackers to access sensitive user data. Experts warn that this bug, tracked as CVE-2024-44133, is a serious security concern that highlights the need for robust security measures to protect user privacy.

  • Apple fans are advised to update their macOS systems immediately due to a newly discovered vulnerability in Safari's Transparency, Consent, and Control (TCC) protections.
  • The vulnerability, rated with a CVSS score of 5.5, targets TCC protections designed to ensure users have control over apps' requests for access to features.
  • Microsoft has developed an exploit for the vulnerability, which is localized to Safari and does not affect other third-party browsers.
  • The issue allows malicious actors to bypass TCC protections, granting them free access to sensitive device information and features.
  • Apple plans to address the issue by launching new APIs for App Group Containers to prevent config file modifications by attackers.



    Apple fans are advised to update their macOS systems immediately, as a newly discovered vulnerability (CVE-2024-44133) in the Safari browser has potentially been exploited by the Adload malware family. This bug, rated with a CVSS score of 5.5, targets Apple's Transparency, Consent, and Control (TCC) protections, which are designed to ensure users have control over apps' requests for access to various features.

    According to Microsoft's Jonathan Bar Or, who developed an exploit for the vulnerability, the issue is localized to Safari and no other third-party browsers are vulnerable. However, the Windows giant is working with the other browser vendors to secure the core issue at play: local configuration files. TCC's role in macOS is to display prompts and ask whether to approve or deny requests from apps for access to various features, driven by what Apple calls "entitlements."

    For example, if an app wants access to a device's microphone, the developers enable the entitlement that prompts a user to accept that access request. Once approved/denied, the setting should remain that way until the user changes it. Safari has an entitlement that allows it to bypass all TCC protections, and if a user approves it, the app would have free access to all the components that could threaten privacy, as well as things like the device's address book.

    To demonstrate how the vulnerability works, Bar Or developed an exploit by modifying the config files in the Safari browser directory, where its TCC-related files are kept. He then used the Directory Service command line utility (dscl) to change a user's home directory, modify sensitive files in a way that removed TCC protections, change the home directory again so Safari uses those modified files, and then run Safari so they could take snaps, record audio, see download histories, and more.

    Furthermore, Bar Or noted that a bad guy could feasibly start Safari in a tiny window so as not to arouse suspicion, all while uploading the data they were after to a server of their choice. This highlights the severity of the issue and emphasizes the importance of having protection against attacks using this technique.

    In response to the vulnerability, Microsoft has worked up and deployed new detection strategies. The resulting intel from these revealed some suspicious activity that Microsoft claimed bore a hallmark of Adload. "Since we weren't able to observe the steps taken leading to the activity, we can't fully determine if the Adload campaign is exploiting the HM Surf vulnerability itself," Bar Or blogged.

    "Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique." It remains to be seen how Apple will address this issue, but it is likely that the company will launch new APIs for App Group Containers so its System Integrity Policy (SIP) can prevent config files from being modified by an attacker.
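The sequence described above (dscl rewriting a user's home directory, then Safari being launched) can be hunted for in process-execution logs. The sketch below is an added example, not Microsoft's detection logic or code from the original article. The event shape, the 300-second window, the confidence labels, the sample events and the use of the dscl `NFSHomeDirectory` attribute and the standard Safari binary path as match strings are all assumptions.

```python
import shlex

WINDOW_SECONDS = 300  # assumed correlation window
HOME_ATTR = "NFSHomeDirectory"  # dscl attribute holding a user's home path
WRITE_VERBS = {"change", "changei", "create", "append", "merge"}
SAFARI_BIN = "Safari.app/Contents/MacOS/Safari"

def home_dir_change(cmdline):
    """Return the /Users/<name> record a dscl command rewrites, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a logged command line
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "dscl":
        return None
    verbs = {a.lstrip("-") for a in argv[1:]}
    if HOME_ATTR not in argv or not WRITE_VERBS & verbs:
        return None  # reads such as "dscl . -read ..." are ignored
    return next((a for a in argv if a.startswith("/Users/")), "<unknown>")

def detect(events):
    """Flag Safari launches that closely follow dscl home-directory rewrites.

    Two rewrites (away and back) before the launch match the described
    sequence and are rated "high"; a single rewrite is rated "medium".
    """
    findings, changes = [], []  # changes holds (timestamp, record)
    for ts, cmdline in sorted(events):
        record = home_dir_change(cmdline)
        if record:
            changes.append((ts, record))
        elif SAFARI_BIN in cmdline:
            recent = [r for t, r in changes if ts - t <= WINDOW_SECONDS]
            if recent:
                findings.append({"safari_ts": ts, "records": sorted(set(recent)),
                                 "rewrites": len(recent),
                                 "confidence": "high" if len(recent) >= 2 else "medium"})
    return findings

# Constructed events (epoch seconds, command line); not real telemetry.
SAMPLE_EVENTS = [
    (1000, "/usr/bin/dscl . -read /Users/alice NFSHomeDirectory"),
    (1010, "/Applications/Safari.app/Contents/MacOS/Safari"),
    (5000, "/usr/bin/dscl . -change /Users/bob NFSHomeDirectory /Users/bob /private/tmp/example"),
    (5020, "/usr/bin/dscl . -change /Users/bob NFSHomeDirectory /private/tmp/example /Users/bob"),
    (5025, "/Applications/Safari.app/Contents/MacOS/Safari"),
    (9000, "/Applications/Safari.app/Contents/MacOS/Safari"),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Legitimate account administration also rewrites home directories, so a finding is a lead for review rather than proof of exploitation.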

    In conclusion, the recently discovered vulnerability in Safari's TCC protections highlights the importance of keeping software up-to-date and using robust security measures to protect user privacy. As users, it is essential to be aware of such vulnerabilities and take proactive steps to secure their devices and data.

    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2024/10/21/microsoft_macos_hm_surf/


  • Published: Mon Oct 21 10:28:42 2024 by llama3.2 3B Q4_K_M













         

