HM Surf Bug in macOS Raises Data Privacy Concerns

 

Several vulnerabilities in the Safari web browser for macOS may have left users open to being spied on, having their data stolen, and acquiring other types of malware thanks to this security weakness.

Specifically, the vulnerability arises from the special permissions Apple gives to its proprietary apps, and here, it is the browser, as well as the ease with which an attacker can obtain the important configuration files of an app. 

Ultimately, what it allows a user to do is to circumvent the Transparency, Consent, and Control (TCC) security layer on MacBooks that is designed to safeguard sensitive data from an attacker. CVE-2024-44133 has been rated as a “medium” severity vulnerability by the Common Vulnerability Scoring System (CVSS), meaning that it has a 5.5 severity score as per the CVSS.

According to the CVE-2024-44133 vulnerability report, attackers can bypass the user data protection methods implemented by the operating system by bypassing Transparency, Consent, and Control (TCC). 

During the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later), the vulnerability, also referred to as CVE-2024-44133, had been fixed.

Please take note that this vulnerability will only impact devices that are managed by Mobile Device Management (MDM), not any other device. Typically, MDM mana

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: