Microsoft Discovers Data Leak Vulnerability in macOS - What We Know

Microsoft recently published details of a macOS security flaw in the Transparency, Consent, and Control (TCC) framework, the mechanism that gates app access to protected user data.

As detailed in a Microsoft Threat Intelligence blog post, the flaw, tracked as CVE-2024-44133, was given the Pokémon-esque codename HM Surf by the Microsoft team. Apple patched the flaw in its macOS Sequoia 15 update, which the company wrote resolved the issue by “removing the vulnerable code.”

According to Microsoft's Jonathan Bar Or, HM Surf “removes TCC protection from the Safari browser directory and modifies configuration files in said directory to access user data, including pages viewed, device camera, microphone, and location, without user consent.”

In its post, Microsoft wrote that the Sequoia 15 fix applies only to Apple's Safari browser. It also points out that third-party browsers like Google Chrome and Mozilla Firefox “do not have the same private permissions as Apple applications” and therefore cannot bypass the TCC checks in this way. In other words, the bypass depends on Safari's private entitlements, which let it skip the usual TCC prompts; a browser without those entitlements must request each permission through TCC, and once the user has granted it, the permission is tied to that app rather than to any editable configuration file.

TCC works by stopping apps from reading protected data such as personal files and browser history unless the user has explicitly granted permission. Until the patch is applied, the vulnerability lets a malicious actor bypass those TCC checks and reach a host of data, including the camera, microphone, download directories, and more.

HM Surf is the latest in a series of macOS flaws discovered by Microsoft, including Achilles, Migraine, powerdir, and Shrootless, each of which could allow malicious actors to bypass security checks.

The blog post also notes suspicious activity by a macOS adware family called AdLoad that may be exploiting this flaw.

“Since we were unable to observe the steps leading to the activity, we cannot fully determine whether the AdLoad campaign is exploiting the HM Surf vulnerability itself,” Bar Or wrote. “The importance of defending against attacks using this technique is heightened by the fact that attackers use similar techniques to deploy common threats.”

You should update to the latest security patches as soon as possible.
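As an added example (not code from Microsoft's blog post or from Apple), the following POSIX shell script checks whether a Mac is running macOS 15 (Sequoia) or later, the release that carries Apple's fix for CVE-2024-44133, and optionally shows whether a given app bundle carries the private TCC entitlement that made the Safari bypass possible. The version comparison is plain string-splitting and runs anywhere; the `sw_vers` and `codesign` calls, and the entitlement key `com.apple.private.tcc.allow` used in the grep, are assumptions about macOS tooling and only run when those commands exist.

```shell
#!/bin/sh
# Added example, not from the article: is this Mac on a macOS release that
# includes Apple's fix for HM Surf (CVE-2024-44133), i.e. Sequoia 15.0 or later?

# version_ge A B: return 0 (true) when dotted numeric version A >= B.
# Each component is compared as an integer; a missing component counts as 0,
# so "15" and "15.0" compare equal.
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        # Drop the component just consumed; empty string when none remain.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# hm_surf_patched VERSION: true when VERSION is at least macOS 15.0.
hm_surf_patched() {
    version_ge "$1" 15.0
}

# has_private_tcc_entitlement APP_BUNDLE: assumption about macOS tooling.
# Dumps the bundle's code-signing entitlements and looks for the private TCC
# key that Apple's own apps (such as Safari) carry and third-party browsers lack.
has_private_tcc_entitlement() {
    codesign -d --entitlements - "$1" 2>/dev/null |
        grep -q 'com.apple.private.tcc.allow'
}

# Only the macOS-specific part below touches the live system.
if command -v sw_vers >/dev/null 2>&1; then
    ver=$(sw_vers -productVersion)
    if hm_surf_patched "$ver"; then
        echo "macOS $ver: release includes the HM Surf fix (Sequoia 15 or later)"
    else
        echo "macOS $ver: older than Sequoia 15, apply Apple's security update"
    fi
    for app in /Applications/Safari.app "/Applications/Google Chrome.app" /Applications/Firefox.app; do
        [ -d "$app" ] || continue
        if has_private_tcc_entitlement "$app"; then
            echo "$app: carries private TCC entitlement"
        else
            echo "$app: no private TCC entitlement (must go through TCC prompts)"
        fi
    done
fi
```

The version comparison is deliberately component-wise rather than a string compare, so that 15.1 is correctly treated as newer than 15.0 and 14.7.1 as older than 15; beta suffixes such as "15.0b" are not handled and would make the integer test fail.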
