A security vulnerability found in the Safari browser on macOS devices has raised concerns about potential spying, data theft, and malware attacks on unsuspecting users. This flaw, identified as CVE-2024-44133, has been rated with a “medium” severity level of 5.5 in the Common Vulnerability Scoring System (CVSS).

The exploit, named “HM Surf” by researchers from Microsoft, allows attackers to bypass the Transparency, Consent, and Control (TCC) security layer on MacBooks, granting unauthorized access to sensitive data such as browsing history, camera, microphone, and device location. While Apple released a fix for CVE-2024-44133 in the macOS Sequoia update on September 16, there are reports of adware programs exploiting similar vulnerabilities in the wild.

The core of the HM Surf exploit lies in Safari’s entitlement, “com.apple.private.tcc.allow,” which circumvents TCC at the app level and applies it only to individual websites. By manipulating Safari’s configuration files stored in the user’s home directory, attackers can achieve TCC bypass using the autological directory service command line utility (DSCL). This manipulation allows malicious websites unrestricted access to capture sensitive data without triggering permission prompts.

In a recent blog post, Microsoft highlighted suspicious activity resembling the HM Surf technique on a victim’s device, attributed to the AdLoad macOS adware program. AdLoad not only hijacks browser traffic for adware purposes but also collects user data, creates botnets, and facilitates the deployment of further malicious payloads. While the connection to the HM Surf vulnerability remains inconclusive, the similarity in attack methods underscores the importance of protecting against such exploits.

Both Apple and Microsoft have been contacted for further comments on the ongoing investigation into CVE-2024-44133 and its potential exploitation by malicious actors. As cybersecurity experts emphasize the urgency of updating macOS devices to mitigate security risks, organizations are advised to remain vigilant against emerging threats targeting macOS vulnerabilities.

Source link