

With macOS, Apple took a strong position on protecting user data early on, implementing controls as far back as 2012 in OS X Mountain Lion under a framework known as ‘Transparency, Consent and Control’, or TCC for short.

In recent years, protecting sensitive user data on-device has become increasingly important, particularly now that our phones, tablets and computers are used for creating, storing and transmitting the most sensitive data about us: from selfies and family videos to passwords, banking details, health and medical data and pretty much everything else.

TCC does not prevent processes reading and writing to ‘protected’ locations, a loophole that can be used to hide malware. Multiple partial and full TCC bypasses are known, with at least one actively exploited in the wild. Automation, by design, allows Full Disk Access to be ‘backdoored’ while also lowering the authorization barrier. TCC is meant to protect user data from unauthorized access, but weaknesses in its design mean that protections are easily overridden inadvertently.
