{"id":44769,"date":"2022-01-11T15:48:48","date_gmt":"2022-01-11T15:48:48","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32984\/macOS-Bug-Could-Bypass-Controls-And-Access-Private-User-Data.html"},"modified":"2022-01-11T15:48:48","modified_gmt":"2022-01-11T15:48:48","slug":"macos-bug-could-bypass-controls-and-access-private-user-data","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/","title":{"rendered":"macOS Bug Could Bypass Controls And Access Private User Data"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft has detailed how malware on macOS can bypass privacy preferences enforced by Apple&#8217;s macOS system called Transparency, Consent, and Control (TCC) for controlling apps&#8217; access to sensitive user data.&nbsp;<\/p>\n<p>The &#8216;powerdir&#8217; bug, which <a href=\"https:\/\/support.apple.com\/en-us\/HT212978\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Apple fixed in its December 13 update for macOS<\/a>&nbsp;up to Monterey, lets an attacker bypass TCC to gain access to a user&#8217;s protected data.&nbsp;<\/p>\n<p>The bug was discovered by Microsoft security researcher Jonathan Bar Or. Microsoft is interested in macOS security because Defender for Endpoint can be used in an enterprise to protect non-Windows devices.<\/p>\n<p>Microsoft&#8217;s 365 Defender Research Team&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/10\/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">noted in a blog post<\/a>&nbsp;that Apple introduced a feature to protect TCC that &#8220;prevents unauthorized code execution and enforced a policy that restricts access to TCC to only apps with full disk access.&#8221;<\/p>\n<p>However, Or discovered that it is &#8220;possible to programmatically change a target user&#8217;s home directory and plant a fake TCC database, which stores the consent history of app requests.&#8221;<\/p>\n<p>&#8220;If exploited on unpatched systems, this vulnerability could allow a malicious actor to potentially orchestrate an attack based on the user&#8217;s protected personal data,&#8221; Microsoft said.&nbsp;<\/p>\n<p>An attacker could hijack an already installed app or install their own malicious app to access the microphone to record private conversations or capture screenshots of sensitive information displayed on the user&#8217;s screen, Microsoft explained.&nbsp;<\/p>\n<section class=\"sharethrough-top placeholder\"> <\/section>\n<p>TCC appeared in 2012 in OS X Mountain Lion and is behind the system notifications users see when giving or denying &#8216;consent&#8217; for specific applications to access private data, which includes access to the device&#8217;s camera, microphone, location, and access to the user&#8217;s calendar or iCloud account.&nbsp;<\/p>\n<p>Apple doesn&#8217;t detail TCC directly in its security manual, however, <a href=\"https:\/\/www.sentinelone.com\/labs\/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">via security firm Sentinal One<\/a>, TCC&#8217;s purpose is <a href=\"https:\/\/manuals.info.apple.com\/MANUALS\/1000\/MA1902\/en_US\/apple-platform-security-guide.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">described in a section<\/a> of the manual detailing how macOS and iOS protect app access to user data. Users can manage these privacy protections in macOS within the Security &amp; Privacy section of System Preferences.<\/p>\n<p>&#8220;Apple devices help prevent apps from accessing a user&#8217;s personal information without permission using various technologies including Data Vault. In Settings in iOS and iPadOS, or System Preferences in macOS, users can see which apps they have permitted to access certain information as well as grant or revoke any future access,&#8221; Apple explains.&nbsp;<\/p>\n<p>Microsoft&#8217;s TCC bypass flaw offers a new way to bypass protections Apple has added to previously discovered TCC bypasses, including <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-9771\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2020-9771<\/a>, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-9934\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2020-9934<\/a>, and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-30713\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2021-30713<\/a>.&nbsp;<\/p>\n<p>To protect TCC from these bypass flaws, Apple introduced a feature that prevents unauthorized code execution and enforced a policy that restricts access to TCC to only apps with full disk access. Those fixes protected TCC.db (database) files from being incorrectly accessed through, for example. Time Machine backups or alternative file paths. &nbsp;<\/p>\n<p>Microsoft bypass Apple&#8217;s TCC protections worked by planting a fake TCC.db file and changing the Home directory using a specific &#8216;superuser&#8217; sudo command in the Directory Services command-line utility.<\/p>\n<p>&#8220;While requiring root access, we discovered that this works only if the app is granted with the TCC policy kTCCServiceSystemPolicySysAdminFiles, which the local or user-specific TCC.db maintains,&#8221; explains Microsoft. &nbsp;<\/p>\n<p>&#8220;That is weaker than having full disk access, but we managed to bypass that restriction with the <a href=\"https:\/\/www.unix.com\/man-page\/osx\/1\/dsexport\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">dsexport<\/a> and <a href=\"https:\/\/www.unix.com\/man-page\/osx\/1\/dsimport\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">dsimport<\/a> utilities.&#8221;<\/p>\n<p>Microsoft&#8217;s proof of concept demonstrated that attackers could change the settings on any application, potentially allowing them to enable microphone and camera access on any app \u2014 hence the bug&#8217;s name &#8220;Powerdir&#8221;.&nbsp;<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32984\/macOS-Bug-Could-Bypass-Controls-And-Access-Private-User-Data.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9816],"class_list":["post-44769","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlineprivacymicrosoftflawpatchapple"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-11T15:48:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"macOS Bug Could Bypass Controls And Access Private User Data\",\"datePublished\":\"2022-01-11T15:48:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\"},\"wordCount\":602,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"keywords\":[\"headline,privacy,microsoft,flaw,patch,apple\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\",\"name\":\"macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-01-11T15:48:48+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage\",\"url\":\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,microsoft,flaw,patch,apple\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacymicrosoftflawpatchapple\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"macOS Bug Could Bypass Controls And Access Private User Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/","og_locale":"en_US","og_type":"article","og_title":"macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-11T15:48:48+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"macOS Bug Could Bypass Controls And Access Private User Data","datePublished":"2022-01-11T15:48:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/"},"wordCount":602,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","keywords":["headline,privacy,microsoft,flaw,patch,apple"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/","url":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/","name":"macOS Bug Could Bypass Controls And Access Private User Data 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-01-11T15:48:48+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3965a5c519ab39c06baf67724d35f4e52a5263f\/2021\/12\/15\/b6821fa2-f1a5-4e6d-a839-63172b59646d\/shutterstock-1122656969.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/macos-bug-could-bypass-controls-and-access-private-user-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,microsoft,flaw,patch,apple","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacymicrosoftflawpatchapple\/"},{"@type":"ListItem","position":3,"name":"macOS Bug Could Bypass Controls And Access Private User Data"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44769"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44769\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}