Microsoft warns millions of Apple users: update now to stop a dangerous hacking threat
This new threat is real. Microsoft warns it has likely been exploited, giving attackers “unauthorized access to a user’s protected data.” And that data includes “browsed webpages, the device’s camera, microphone, and location,” all without you knowing.
This new hack, dubbed “HM Surf,” affects macOS users whose devices are centrally controlled via a mobile device management (MDM) setup. As such, this is a risk to enterprise users rather than home users. It works by forcing a bypass of the device’s TCC (Transparency, Consent, and Control) protection within Safari, essentially enabling Safari to access device data that it shouldn’t and then delivering that data to an attacker. “We shared our findings with Apple,” Microsoft says, with the iDevice maker releasing a fix “now identified as CVE-2024-44133 as part of security updates for macOS Sequoia, released on September 16, 2024.” Suffice it to say, all macOS users should ensure they have this update on their machines.
Microsoft also says that while “at present, only Safari uses the new protections afforded by TCC, (we are) currently collaborating with other major browser vendors to investigate the benefits of hardening local configuration files.” The security researchers discovered that the relevant Safari config files were stored in a user’s home directory, which they could change around to remove TCC protections. And so, while Safari also requests permission for access to such services, maintaining its own permission list, bypassing TCC in this way left everything open to attack.
“We encourage macOS users to apply these security updates as soon as possible,” Microsoft says. TCC is designed to protect your private data from apps running on your machine, “including services such as location services, camera, microphone, downloads directory, and others, without prior consent and knowledge.” When an app does require access, you should see a pop-up asking for the specific permission.
The issue, as Microsoft explains, is that “Apple reserves some entitlements to their own applications, which are known as private entitlements… Safari, the default browser in macOS, has very powerful TCC entitlements.” Those entitlements include access to your camera, microphone, screen as well as a raft of personal data.
Microsoft explains that Safari’s access to these sensitive device functions “completely bypasses (normal) TCC access checks for those services,” and warns that “in a real scenario, an attacker could do stealthy things, including: save an entire camera stream, record microphone and stream it to another server or upload it, get access to the device’s location, (and) start Safari in a very small window to not draw attention.”
Users of other browsers on Apple devices don’t run the same risk, because those browsers are not given the same insider passes. “Third-party browsers such as Google Chrome, Mozilla Firefox, or Microsoft Edge do not have the same private entitlements as Apple applications, which means that the said apps can’t bypass TCC checks.” If other browsers want to access those same functions, you will see a pop-up asking for permission.
Apple has now hardened Safari to prevent modification of those configuration files. And Microsoft says it is now “collaborating with other major browser vendors to investigate the benefits of hardening local configuration files. While Chromium and Firefox are yet to adopt the new APIs, Chromium is moving towards using os_crypt which solves the attack in a different way.”
I have reached out to Apple for any comments on Microsoft’s report.