Today > 1 Critical | 2 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

New macOS vulnerability, "HM Surf", could lead to unauthorized data access

Oct. 21, 2024, 9:53 a.m.

Description

A new macOS vulnerability called 'HM Surf' has been discovered that could allow attackers to bypass the Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected user data. The exploit involves removing TCC protection for the Safari browser directory and modifying configuration files to access browsed pages, camera, microphone, and location without user consent. Apple has released a fix for this vulnerability (CVE-2024-44133) in macOS Sequoia. Microsoft Defender for Endpoint can detect and block exploitation attempts. The vulnerability affects Safari, which has powerful TCC entitlements. Third-party browsers are not directly impacted but could be vulnerable to similar attacks. Adload, a prevalent macOS threat, has been observed potentially exploiting this vulnerability.

Date

Published: Oct. 18, 2024, 2:09 p.m.

Created: Oct. 18, 2024, 2:09 p.m.

Modified: Oct. 21, 2024, 9:53 a.m.

Attack Patterns

Adload

Adload

T1059.004

T1071.001

T1222.002

T1059.002

T1082

T1140

T1033

T1068