Camera, Microphone, and Browser Data at Risk Due to MacOS Safari Vulnerability

Published:

spot_img

Security Weakness in Safari Browser on macOS Devices Exposed Users to Spying and Data Theft

A security flaw in the Safari browser on macOS devices has potentially put users at risk of spying, data theft, and malware attacks. The vulnerability, known as CVE-2024-44133, was rated a 5.5 on the Common Vulnerability Scoring System (CVSS) due to its “medium” severity.

Researchers from Microsoft have named their exploit of this vulnerability “HM Surf,” which can bypass the Transparency, Consent, and Control (TCC) security layer on MacBooks, granting unauthorized access to browsing data, camera, microphone, and location information. While Apple has released a fix for CVE-2024-44133 in the macOS Sequoia update, there is evidence to suggest that an adware program, possibly AdLoad, has already exploited a similar vulnerability in the wild.

The core of the HM Surf exploit lies in Safari’s entitlement, which allows the browser to bypass TCC restrictions at an app level and apply them only on a per-origin basis. By manipulating Safari’s configuration files stored in the user’s home directory, attackers can modify TCC protections for malicious websites, granting them unrestricted access to sensitive data without triggering permission requests.

Microsoft discovered activity resembling the HM Surf technique in a well-known macOS adware program, AdLoad, which not only bombards users with unwanted ads but also steals user data and acts as a staging ground for further malicious payloads. While the connection to HM Surf is not definitive, the similarity in tactics underscores the need for robust protection against such exploits. Apple and Microsoft have been reached out to for further comments on this developing story.

spot_img

Related articles

Recent articles

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards Cairo: Valu, a prominent financial technology firm in the Middle East and North...

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw Researchers from Ledger's Donjon security team have uncovered a significant vulnerability in Tangem crypto wallet...

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate In a significant escalation of international crime enforcement, the United...

CHERY Strengthens Family Mobility in Saudi Arabia with Q4 Launch of Super Intelligent Valet Parking Technology

CHERY Strengthens Family Mobility in Saudi Arabia with Q4 Launch of Super Intelligent Valet Parking Technology As CHERY prepares to make its re-entry into the...