One of the fixes in macOS 12.1, which Apple made available in mid December 2021, was for a security vulnerability that Microsoft highlighted to Apple. Apple was quick to fix the flaw, but Microsoft has now revealed information about the risk that those who haven’t yet updated their Macs to macOS 12.1 are undertaking.
The vulnerability that was identified by Microsoft’s 365 Defender Research Team is known as powerdir and leaves a 'door' open that could allow attackers to gain access to Mac users' data.
According to a Microsoft blog post, powerdir could "allow an attacker to bypass the operating system's Transparency, Consent, and Control (TCC) technology, thereby gaining unauthorized access to a user's protected data." An attacker could thus use a fake TCC database installed on the targeted Mac to bypass the usual privacy setting and install an app which could obtain information about the user.
The security vulnerability is listed as CVE-2021-30970 in the release notes for macOS 12.1. Apple credited Microsoft with the discovery of the vulnerability.
If you haven't yet updated to macOS 12.1 this is what you need to do:
- Open System Preferences (you can click on the Apple logo in the menu to find it).
- Click on Software Update.
- Your computer will check for updates, and show that an update is available for your Mac. Click on Upgrade Now to download the installer for the new version of macOS.
- While the installer is being downloaded you will be able to continue to use your Mac. Once the installer has downloaded you can click to install the new version of the OS - but beware that your Mac will be out of action for a little while as the software installs.
More information about updating macOS here: How to update macOS.
For more information read about the new features in macOS Monterey 12.1. We also have lots of information about security on macOS: