CyberSecurity news
Microsoft Threat Intelligence@Microsoft Security Blog
References:
- malware.news: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
- securityonline.info: HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published
- github.com: HM Surf
- Microsoft Security Blog: Microsoft is currently collaborating with other major browser vendors to investigate the benefits of hardening local configuration files. We encourage macOS users to apply these security updates as soon as possible.
- aka.ms: New macOS Vulnerability: HM Surf could lead to unauthorized data access
- ss64.com: A new macOS vulnerability, dubbed 'HM Surf', allows attackers to bypass the operating system's Transparency, Consent, and Control (TCC) technology and gain unauthorized access to user data
- thecyberwire.com: Podcast about HM Surf vulnerability
- support.apple.com: Apple support page for the macOS security update that addresses the HM Surf vulnerability.
- malware.news: Malware News - Unauthorized data access vulnerability in macOS is detailed by Microsoft
- Malwarebytes: Malwarebytes Blog - Microsoft Reveals Details About 'HM Surf' Vulnerability in macOS
- malware.news: Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited.
- www.scworld.com: Microsoft warns users to patch the HM Surf flaw because Defender detected it was actively exploited.
- ciso2ciso.com: Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks – Source: www.securityweek.com
- www.malwarebytes.com: The Microsoft Threat Intelligence team revealed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133, was fixed in the macOS security update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later). It is important to note that this vulnerability would only impact Mobile Device Management (MDM) managed devices. MDM managed devices are typically subject to centralized management and security policies set by the organization’s IT department. Microsoft has dubbed the flaw “HM Surf.” By exploiting this vulnerability, an attacker could bypass the macOS Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. Users may notice Safari’s TCC in action when they browse a website that requires access to the camera or the microphone: they may see a permission prompt. Microsoft discovered that Safari maintains its own separate TCC policy, which it stores in various local files. Microsoft then figured out it was possible to modify the sensitive files by swapping the home directory of the current user back and forth. The home directory is protected by TCC, but by changing the home directory, then changing the files, and then making it the home directory again, an attacker can get Safari to use the modified files. The exploit only works on Safari because third-party browsers such as Google Chrome, Mozilla Firefox, or Microsoft Edge do not have the same private entitlements as Apple applications. Therefore, those apps can’t bypass the macOS TCC checks.
Microsoft noted that it observed suspicious activity in the wild associated with the Adload adware that might be exploiting this vulnerability, but it could not be entirely sure whether the exact same exploit was used. “Since we weren’t able to observe the steps taken leading to the activity, we can’t fully determine if the Adload campaign is exploiting the HM surf vulnerability itself. Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique.” We encourage macOS users to apply these security updates as soon as possible if they haven’t already.
- infosec.exchange: This Infosec Exchange post briefly mentions the new macOS vulnerability and provides a link to a more detailed article.
- sra.io: SRA blog post about the 'HM Surf' macOS vulnerability
- www.microsoft.com: Microsoft blog post about the 'HM Surf' macOS vulnerability
- ciso2ciso.com: MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
- social.skynetcloud.site: MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data – Source: www.darkreading.com
- hackread.com: 'HM Surf' macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!
- www.microsoft.com: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access | Microsoft Security Blog
- ciso2ciso.com: “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now! – Source: hackread.com
- Malwarebytes: Malwarebytes Labs discusses the HM Surf vulnerability