Date: 2024-12-10

A bypass flaw in the FileProvider Transparency, Consent and Control (TCC) subsystem within Apple’s iOS operating system could leave users’ data dangerously exposed, according to researchers at Jamf Threat Labs.

Assigned CVE-2024-44131, the issue was successfully patched by Apple in September 2024 and Jamf, whose researchers are credited with its discovery, is formally disclosing it today. It also affects macOS devices, although Jamf’s researchers have focused on the mobile ecosystem since these estates are more often neglected during updates.

CVE-2024-44131 is of particular interest to threat actors because if successfully exploited, it can enable them to access sensitive information held on the target device, including contacts, location data and photos.

TCC is a “critical security framework”, the Jamf team explained, which prompts users to grant or deny requests from specific applications to access their data, and CVE-2024-44131 enables a threat actor to sidestep it completely – if they can convince their victim to download a malicious app.

“This discovery highlights a broader security concern as attackers focus on data and intellectual property that can be accessed from multiple locations, allowing them to focus on compromising the weakest of the connected systems,” said the team.

“Services like iCloud, which allow data to sync across devices of many form factors, enable attackers to attempt exploits across a variety of entry points as they look to accelerate their access to valuable intellectual property and data.”

Open to abuse

This is not the first time that Apple's TCC subsystem has been shown to be at risk of compromise. Earlier in 2024, Cisco Talos researchers detailed eight vulnerabilities in Microsoft applications, including Excel, PowerPoint and Teams, that enable a threat actor to exploit TCC by abusing the applications' enhanced privileges to slip a malicious code library into the application's running space. The researcher who discovered them said that because Apple's operating systems trust applications to self-police their permissions, a failure in this responsibility effectively breaks down the entire permission model.