HomeCII/OTSecurity Vulnerability in MacOS Safari Exposes Camera, Microphone, and Browser Data

Security Vulnerability in MacOS Safari Exposes Camera, Microphone, and Browser Data

Published on

spot_img

A security vulnerability found in the Safari browser on macOS devices has raised concerns about potential spying, data theft, and malware attacks on unsuspecting users. This flaw, identified as CVE-2024-44133, has been rated with a “medium” severity level of 5.5 in the Common Vulnerability Scoring System (CVSS).

The exploit, named “HM Surf” by researchers from Microsoft, allows attackers to bypass the Transparency, Consent, and Control (TCC) security layer on MacBooks, granting unauthorized access to sensitive data such as browsing history, camera, microphone, and device location. While Apple released a fix for CVE-2024-44133 in the macOS Sequoia update on September 16, there are reports of adware programs exploiting similar vulnerabilities in the wild.

The core of the HM Surf exploit lies in Safari’s entitlement, “com.apple.private.tcc.allow,” which circumvents TCC at the app level and applies it only to individual websites. By manipulating Safari’s configuration files stored in the user’s home directory, attackers can achieve TCC bypass using the autological directory service command line utility (DSCL). This manipulation allows malicious websites unrestricted access to capture sensitive data without triggering permission prompts.

In a recent blog post, Microsoft highlighted suspicious activity resembling the HM Surf technique on a victim’s device, attributed to the AdLoad macOS adware program. AdLoad not only hijacks browser traffic for adware purposes but also collects user data, creates botnets, and facilitates the deployment of further malicious payloads. While the connection to the HM Surf vulnerability remains inconclusive, the similarity in attack methods underscores the importance of protecting against such exploits.

Both Apple and Microsoft have been contacted for further comments on the ongoing investigation into CVE-2024-44133 and its potential exploitation by malicious actors. As cybersecurity experts emphasize the urgency of updating macOS devices to mitigate security risks, organizations are advised to remain vigilant against emerging threats targeting macOS vulnerabilities.

Source link

Latest articles

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

More like this

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...