Microsoft reveals 'powerdir' macOS vulnerability that allows unauthorized user data access
Microsoft has revealed details of a security vulnerability in macOS that could be exploited to gain unathorized access to user data.
The vulnerability, which has been named 'powerdir' and is being tracked as CVE-2021-30970, involves a logic issue in the Transparency, Consent and Control (TCC) security framework. The security and privacy problem was discovered by the Microsoft 365 Defender Research Team and was reported to Apple is mid-July last year.
macOS has an unpatched Finder vulnerability that hackers can use to run arbitrary commands
Apple makes much of the security of its products, but vulnerabilities are certainly not unknown. SSD Secure Disclosure has revealed details of a zero-day flaw affecting Finder in macOS. It can be exploited to run arbitrary commands without displaying any messages, prompts or warnings.
The vulnerability was discovered by independent security researcher Park Minchan, and it is present in macOS Big Sur and earlier. The flaw relates to the way macOS processes .inetloc (internet location) files and Apple has made a poor, easily circumvented attempt to fix it in the most recent version of its Mac operating system.