FlagThis

CyberSecurity updates
Updated: 2024-10-22 01:24:40 Pacfic
Microsoft Threat Intelligence @ Microsoft Security Blog
New macOS Vulnerability, "HM Surf", Allows Attackers to Bypass Transparency, Consent, and Control (TCC) Protection - 4d

Read more: www.microsoft.com

Microsoft Threat Intelligence has discovered a new macOS vulnerability, dubbed “HM Surf”, that allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected user data. The vulnerability involves removing TCC protection for the Safari browser directory and modifying a configuration file to access user data, including browsing history, camera, microphone, and location, without user consent. Microsoft has reported the vulnerability to Apple, which has released a fix as part of a macOS security update. Users are urged to install the update as soon as possible to mitigate the risk. This vulnerability highlights the importance of keeping operating systems and applications updated to protect against emerging threats and the persistent challenges of maintaining robust security in complex software environments.

References:
  • Malware Analysis, News and Indicators - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access - 4d
  • Vulnerability Archives - HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published - 4d
  • github.com - HM Surf - 4d
  • Microsoft Security Blog - Microsoft's official security blog details the 'HM Surf' vulnerability, explaining its potential impact and providing mitigation recommendations. - 4d
  • aka.ms - New macOS Vulnerability: HM Surf could lead to unauthorized data access - 4d
  • ss64.com - A new macOS vulnerability, dubbed 'HM Surf', allows attackers to bypass the operating system's Transparency, Consent, and Control (TCC) technology and gain unauthorized access to user data - 3d
  • thecyberwire.com - Podcast about HM Surf vulnerability - 3d
  • support.apple.com - Apple support page for the macOS security update that addresses the HM Surf vulnerability. - 3d
  • Malware Analysis, News and Indicators - Malware News - Unauthorized data access vulnerability in macOS is detailed by Microsoft - 3d
  • Malwarebytes - Malwarebytes blog provides a detailed analysis of the 'HM Surf' vulnerability, highlighting its impact and potential for exploitation. - 3d
  • Malware Analysis, News and Indicators - Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited. - 3d
  • SCM feed for Security Strategy, Plan, Budget - SCWorld summarizes the Adload malware exploiting the 'HM Surf' vulnerability, emphasizing the importance of patching. - 3d
  • ciso2ciso.com - Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks – Source: www.securityweek.com &Threats - 2d
  • @cybernews - This Infosec Exchange post briefly mentions the new macOS vulnerability and provides a link to a more detailed article. - 2d
  • www.malwarebytes.com - The Microsoft Threat Intelligence team about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access - 2d
  • sra.io - SRA blog post about the 'HM Surf' macOS vulnerability - 2d
  • Security Risk Advisors - Microsoft blog post about the 'HM Surf' macOS vulnerability - 2d
  • ciso2ciso.com - MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data - 2d
  • @jos1264 - MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data – Source: www.darkreading.com - 2d
  • Hackread – Latest Cybersecurity, Tech, Crypto - 'HM Surf' macOS Flaw Lets Attackers Access Camera and Mic – Patch Now! - 1d
  • www.microsoft.com - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access | Microsoft Security Blog - 17h
  • ciso2ciso.com - “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now! – Source:hackread.com - 16h
  • Malwarebytes - Malwarebytes Labs discusses the HM Surf vulnerability - 13h

Classification:
  • HashTags: macOS Vulnerability Security
  • Company: Apple
  • Target: macOS Users
  • Product: macOS
  • Feature: Transparency Consent and Con
  • Type: Vulnerability
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.