Apple has addressed a critical flaw in its iOS and macOS systems that could be exploited to bypass the Transparency, Consent, and Control (TCC) framework, allowing attackers to gain unauthorized access to sensitive user data, The Hacker News reports.
The vulnerability, tracked as CVE-2024-44131, was discovered in the FileProvider component and has been fixed in iOS 18, iPadOS 18, and macOS Sequoia 15 through improved validation of symbolic links. It enabled malicious apps to exploit elevated privileges of the fileproviderd daemon to intercept and manipulate file operations performed in the Files app. By inserting symlinks during file transfers, attackers could redirect or access sensitive files, including iCloud backup data, Health data, and media files, without triggering user notifications. The technique undermined the TCC framework, which regulates app permissions for accessing sensitive data such as contacts and location. Although the flaw does not compromise all data types — some remain protected by UUIDs or specific API restrictions — it exposes a significant gap in Apple’s access control enforcement.
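The defence named above, validating symbolic links before a privileged process acts on a path, can be illustrated with a short POSIX C sketch. This is an added example, not Apple's patch or code from the report. The function names and the directory layout are hypothetical and constructed for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE  /* glibc: expose openat/mkdtemp; harmless elsewhere */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open relpath beneath rootfd, refusing a symlink at any component.
 * Returns an fd, or -1 with errno set (ELOOP/ENOTDIR when a link was hit). */
int open_beneath_nofollow(int rootfd, const char *relpath, int flags, mode_t mode)
{
    char buf[1024], *save = NULL;
    if (relpath[0] == '/' || strlen(relpath) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, relpath);
    int dirfd = dup(rootfd);
    if (dirfd < 0) return -1;
    for (char *part = strtok_r(buf, "/", &save), *next; part; part = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(part, "..") == 0) break;
        /* O_NOFOLLOW: the kernel rejects the link at open time, so there is
         * no gap between check and use for a swapped-in symlink to land in. */
        int fd = next ? openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)
                      : openat(dirfd, part, flags | O_NOFOLLOW, mode);
        int saved = errno;
        close(dirfd);
        errno = saved;
        if (fd < 0 || !next) return fd;
        dirfd = fd;
    }
    close(dirfd);
    errno = EINVAL;          /* empty path or ".." component */
    return -1;
}

/* Constructed layout: inbox/ is a real directory, swapped is a symlink to
 * private/. Returns 1 when only the real path is honoured. */
int demo_symlink_rejected(void)
{
    char root[] = "/tmp/nofollow-demo-XXXXXX";
    int rootfd = mkdtemp(root) ? open(root, O_RDONLY | O_DIRECTORY) : -1;
    if (rootfd < 0 || mkdirat(rootfd, "inbox", 0700) || mkdirat(rootfd, "private", 0700)
        || symlinkat("private", rootfd, "swapped")) return -1;
    int ok  = open_beneath_nofollow(rootfd, "inbox/a.txt", O_WRONLY | O_CREAT, 0600);
    int bad = open_beneath_nofollow(rootfd, "swapped/a.txt", O_WRONLY | O_CREAT, 0600);
    return ok >= 0 && bad < 0 && faccessat(rootfd, "private/a.txt", F_OK, 0) != 0;
}
```

Walking the path one component at a time from a trusted directory descriptor means a link planted anywhere along the path causes the open to fail rather than redirecting the write.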