FlagThis

CyberSecurity updates
Updated: 2024-11-22 12:42:02 Pacfic
Microsoft Threat Intelligence @ Microsoft Security Blog
New macOS Vulnerability, "HM Surf", Allows Attackers to Bypass Transparency, Consent, and Control (TCC) Protection - 4d
Read more: www.microsoft.com

Microsoft Threat Intelligence has discovered a new macOS vulnerability, dubbed “HM Surf”, that allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to protected user data. The vulnerability involves removing TCC protection for the Safari browser directory and modifying a configuration file to access user data, including browsing history, camera, microphone, and location, without user consent. Microsoft has reported the vulnerability to Apple, which has released a fix as part of a macOS security update. Users are urged to install the update as soon as possible to mitigate the risk. This vulnerability highlights the importance of keeping operating systems and applications updated to protect against emerging threats and the persistent challenges of maintaining robust security in complex software environments.

References:
  • Malware Analysis, News and Indicators - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access - 4d
  • Vulnerability Archives - HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published - 4d
  • github.com - HM Surf - 4d
  • Microsoft Security Blog - Microsoft is currently collaborating with other major browser vendors to investigate the benefits of hardening local configuration files. We encourage macOS users to apply these security updates as so - 4d
  • aka.ms - New macOS Vulnerability: HM Surf could lead to unauthorized data access - 4d
  • ss64.com - A new macOS vulnerability, dubbed 'HM Surf', allows attackers to bypass the operating system's Transparency, Consent, and Control (TCC) technology and gain unauthorized access to user data - 4d
  • thecyberwire.com - Podcast about HM Surf vulnerability - 4d
  • support.apple.com - Apple support page for the macOS security update that addresses the HM Surf vulnerability. - 4d
  • Malware Analysis, News and Indicators - Malware News - Unauthorized data access vulnerability in macOS is detailed by Microsoft - 3d
  • Malwarebytes - Malwarebytes Blog - Microsoft Reveals Details About 'HM Surf' Vulnerability in macOS - 3d
  • Malware Analysis, News and Indicators - Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited. - 3d
  • SCM feed for Security Strategy, Plan, Budget - Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited. - 3d
  • ciso2ciso.com - Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks – Source: www.securityweek.com &Threats - 3d
  • www.malwarebytes.com - The Microsoft Threat Intelligence team about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access - 3d
  • @cybernews - This Infosec Exchange post briefly mentions the new macOS vulnerability and provides a link to a more detailed article. - 3d
  • sra.io - SRA blog post about the 'HM Surf' macOS vulnerability - 3d
  • Security Risk Advisors - Microsoft blog post about the 'HM Surf' macOS vulnerability - 3d
  • ciso2ciso.com - MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data - 2d
  • @jos1264 - MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data – Source: www.darkreading.com - 2d
  • Hackread – Latest Cybersecurity, Tech, Crypto - 'HM Surf' macOS Flaw Lets Attackers Access Camera and Mic – Patch Now! - 1d
  • www.microsoft.com - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access | Microsoft Security Blog - 1d
  • ciso2ciso.com - “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now! – Source:hackread.com - 1d
  • Malwarebytes - Malwarebytes Labs discusses the HM Surf vulnerability - 1d

Classification:
  • HashTags: macOS Vulnerability Security
  • Company: Apple
  • Target: macOS Users
  • Product: macOS
  • Feature: Transparency Consent and Con
  • Type: Vulnerability
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.