Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
Posted: Wed Dec 25, 2024 12:40 pm
Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information.
The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved validation of symbolic links (symlinks) in iOS 18, iPadOS 18, and macOS Sequoia 15.
https://thehackernews.com/2024/12/resea ... ploit.html
The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved validation of symbolic links (symlinks) in iOS 18, iPadOS 18, and macOS Sequoia 15.
https://thehackernews.com/2024/12/resea ... ploit.html