New macOS vulnerability, "HM Surf", could lead to unauthorized data access

Oct. 21, 2024, 9:53 a.m.

Description

A new macOS vulnerability called 'HM Surf' has been discovered that could allow attackers to bypass the Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected user data. The exploit involves removing TCC protection for the Safari browser directory and modifying configuration files to access browsed pages, camera, microphone, and location without user consent. Apple has released a fix for this vulnerability (CVE-2024-44133) in macOS Sequoia. Microsoft Defender for Endpoint can detect and block exploitation attempts. The vulnerability affects Safari, which has powerful TCC entitlements. Third-party browsers are not directly impacted but could be vulnerable to similar attacks. Adload, a prevalent macOS threat, has been observed potentially exploiting this vulnerability.

Date

Published: Oct. 18, 2024, 2:09 p.m.

Created: Oct. 18, 2024, 2:09 p.m.

Modified: Oct. 21, 2024, 9:53 a.m.

Attack Patterns

Adload

T1059.004

T1071.001

T1222.002

T1059.002

T1082

T1140

T1033

T1068