Microsoft has issued a warning regarding a newly patched vulnerability in macOS that could be exploited for adware attacks.
Identified as CVE-2024-44133, this flaw allows attackers to circumvent the operating system’s Transparency, Consent, and Control (TCC) technology, enabling unauthorized access to user data.
“The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent,” Microsoft said in an advisory.
Apple addressed this security issue in its macOS Sequoia 15 update released in mid-September, clarifying that only devices managed by Mobile Device Management (MDM) are vulnerable.
Microsoft noted that only Safari is impacted, as third-party browsers lack the same entitlements to bypass TCC checks.
“Continuous research on vulnerabilities in security technologies like TCC in macOS devices is important to help ensure that user data is protected from unauthorized access. Software vendors are always in a tight race against malicious actors to discover vulnerabilities and address them before they are exploited for attacks,” Microsoft explained.
The tech giant has detected suspicious activity linked to Adload, a known macOS adware family, which may be attempting to exploit this vulnerability.
Users are urged to apply the latest security updates promptly to mitigate potential risks.
“As cross-platform threats continue to increase, a coordinated response to vulnerability discoveries and other forms of threat intelligence sharing will help enrich protection technologies that secure users’ computing experience regardless of the platform or device they’re using.”