Jamf Threat Labs has identified a critical flaw in Apple’s Transparency, Consent, and Control (TCC) framework, labeled CVE-2024-44131. This vulnerability allows malicious applications to bypass user consent protocols and access sensitive data without user awareness. The issue impacts both macOS and iOS platforms but has been resolved in macOS 15 and iOS 18 updates.
The TCC Framework and Its Role
The TCC framework is designed to protect sensitive user data by requiring app permissions. However, the CVE-2024-44131 vulnerability undermines this security mechanism. According to Jamf, “This TCC bypass allows unauthorized access to files, Health data, the microphone or camera, and more without alerting users. This compromises user trust and puts personal data at risk.”
Exploitation Techniques
Attackers exploit this flaw by using symlink techniques and elevated system process privileges, such as those of fileproviderd and Files.app. These methods enable discreet copying of user data into attacker-controlled directories. Jamf noted, “This exploitation can occur in the blink of an eye, entirely undetected by the end user.”
Malicious apps can intercept file operations within the Files.app, redirecting sensitive data without triggering any TCC permission prompts.
Risks Associated with Synchronized Data
The vulne
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.