![]() ![]() This new exploit allows an attacker to use code injection to change binary called /usr/libexec/configd. The second proof of concept exploit came about because a change in MacOS Monterey’s dsimport tool broke the first exploit. Microsoft reported these initial findings to Apple in July 2021, though the exploit apparently still worked, despite Apple fixing a similar exploit demonstrated at Black Hat 2021. Microsoft was even cheekily able to give Teams mic and camera access. The first “proof of concept” exploit basically planted a fake TCC database file and changed the user’s home directory.īy doing this, Microsoft was able to change the settings on any application or enable access to the microphone or camera. Once the user responds, that request is stored in the database and future requests will follow the user’s previous input.Īccording to Microsoft, the “powerdir” vulnerability, also known as CVE-2021-30970, was actually exploited two times by their security researchers. Otherwise, a prompt is shown to the user to explicitly grant or deny access. Ranking the best (and worst) versions of macOS from the last 20 years Google Chrome’s latest update solves the browser’s biggest problem This major Apple bug could let hackers steal your photos and wipe your device See the Wiki for build instructions and other documentation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |