Hello, welcome to the Tuesday, January 11th, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, thanks to Microsoft for providing us with more details regarding a recently patched macOS vulnerability that allows for bypassing

of the macOS transparency, consent and control, or TCC technology. This is the technology

that basically governs what files a program can access, and you may have seen that if you're a macOS

user, if you get pop-ups,

that a certain program, for example, would like to access your download directory or your

contacts.

And that information, whenever you give permission, is tracked in a database.

This database resides inside the home directory, more precisely in one of the library application

support directories, and past vulnerabilities in the system, for example, used changing

the home environment variable in order to fool the system what the home directory is.

Now, Apple has patched this.

It now looks at the actual GetPWUID system call, which gets the current home directory

for the user.

But that can be altered, so the exploit is kind of back where an attacker can set up a directory, place

database of the attackers choosing in that directory, and then just change the user's

home directory in order to have the system use that manipulated database file.

Patches around these issues were released by Apple,

but according to Microsoft,

are not completely mitigating these attack techniques.

I mean, teaching web application security

...