Hacker shows how this macOS flaw can be used to access every file on a Mac

Here at Macworld, we advise users to update their operating systems as soon as possible after Apple drops an update. A recent report from Thijs Alkemade, a security researcher at cybersecurity firm Computest, reminds us of the number one reason why: They often contain critical security patches.

As reported by Wired, the vulnerability was discovered in macOS’s saved state feature, which automatically reopens the apps and files you had open when you restart a Mac. Alkemade, who discovered the hole in December 2020, was able to successfully launch a process injection attack against the Mac’s saved state. He was then able to bypass several other Mac security features, access the user files, change system settings, and use the webcam. Wired said that there is no evidence that this bug has been used in the real world.

The bug, which is filed as CVE-2021-30873 in the National Vulnerability Database, was fixed with the macOS Monterey 12.0.1 update that was released on October 25, 2021. For macOS Catalina, a support document states that the Security Update 2021-007 released on October 24, 2021 includes a patch for the same vulnerability. There doesn’t appear to be a patch available for Big Sur. Versions of macOS older than Catalina (version 10.14.6 Mojave and older) are considered unsupported or obsolete by Apple. A similar flaw was also patched in iOS 14.5 and iPadOS 14.5.

A blog post on the Computest website explains the attack in full detail, and also shows how the fix can be seen using Xcode, Apple’s integrated development environment (IDE) app for writing software. It’s all very technical but you don’t need to be an engineer to understand this warning: “When exempt from SIP’s filesystem restrictions, we can read all files from protected locations, such as the user’s Mail.app mailbox,” Alkemade writes. “We can also modify the TCC database, which means we can grant ourself permission to access the webcam, microphone, etc.”

Alkemade also presented his findings at the Black Hat 2022 conference last week, and his presentation slides are available online. Security researchers often disclose their findings after they have reported them to the relevant companies and the vulnerabilities have been fixed.

How to update macOS

Updates for macOS are free. An internet connection is required and your Mac needs to restart. Set aside about 30 minutes to do the install. Here are the steps to do the installation:

  1. Go to System Preferences in the Apple menu.
  2. Click on Software Update.
  3. Your Mac will check to see if any updates are available. If so, an Install button will appear. Click it and your Mac will start downloading the update. After that, it will start the installation.
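
To check a Mac from Terminal instead of the System Preferences pane, the following shell function classifies a macOS version string against the patch status this article reports for CVE-2021-30873. It is an added example, not code from Macworld, Computest or Apple; the function name and the status words it prints are hypothetical, and the version cut-offs are taken only from the paragraphs above.

```shell
#!/bin/sh
# Added example: map a macOS version to the CVE-2021-30873 patch status
# described in this article. Function name and status words are hypothetical.

cve_2021_30873_status() {
    ver=$1
    # Accept only dotted numeric strings such as 12.0.1 or 10.15.7.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac
    # Split on dots into major/minor/patch; missing fields default to 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -ge 13 ]; then
        echo "patched"                      # newer than Monterey 12.0.1
    elif [ "$major" -eq 12 ]; then
        # Monterey: the fix shipped in 12.0.1.
        if [ "$minor" -gt 0 ] || [ "$patch" -ge 1 ]; then
            echo "patched"
        else
            echo "update-required"
        fi
    elif [ "$major" -eq 11 ]; then
        echo "no-patch-listed"              # Big Sur: no patch per the article
    elif [ "$major" -eq 10 ] && [ "$minor" -eq 15 ]; then
        # Catalina: fixed by Security Update 2021-007, which the version
        # number alone does not reveal, so flag it for a manual check.
        echo "needs-security-update-2021-007"
    elif [ "$major" -eq 10 ] && [ "$minor" -le 14 ]; then
        echo "unsupported"                  # Mojave and older
    else
        echo "unknown"
    fi
}

# On a Mac, report the status of the running system (skipped elsewhere).
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(cve_2021_30873_status "$v")"
fi
```

In the same Terminal session, `softwareupdate --list` shows any updates that are waiting to be installed.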

Source : Macworld