14 DAY TRIAL // Wojciech Ragula from SecureRing and Csaba Fitzl from Offensive Security, revealed at a Black Hat USA briefing two days ago that applications allowed to run on macOS can override permissions granted by the operating system or the user, according to Dark Reading.
Several security holes and bad configurations allowed them to evade Apple's TCC privacy scheme. Bypassing security permissions can lead to a variety of privacy risks, including accessing system files, taking screenshots, and collecting information from the contact book.
However, while the vulnerabilities themselves are not remotely exploitable, attackers can use them to bypass system protections on sensitive data. For the exploit to happen, bad actors need to convince the user to run malicious code. Regula explained that while Apple takes a considerable amount of time, in some cases as long as six months, to investigate and fix bugs, the company maintains its commitment to rewarding such issues.
It's not the first time Apple's macOS has been affected by malware-related privacy issues
In May, Apple took action to address three bugs in tvOS and macOS that had previously allowed malware (known as XCSSET) to take screenshots and collect Safari browser cookies without user consent. Another way to circumvent Apple's operating system privacy permissions is to ask the user to grant permission through a dialog box.
The good news is that TCC is still strong enough to prevent system file encryption during a ransomware attack after a TCC bypass, since privacy-protected files are read and write protected, according to SecuRing's Wojciech Regula. SIP (System Integrity Protection), the basis for TCC, restricts user access to various folders even if they have administrator capabilities. In order to get access to features or programs that have the capability to change TCC permissions, the researchers used multiple approaches, methods that can also be used by skilled hackers.