A significant security flaw in Apple’s iOS and macOS has been discovered and patched. The flaw could bypass the Transparency, Consent, and Control (TCC) framework. The vulnerability, identified as CVE-2024-44131, affected the FileProvider component and posed risks to user privacy and data security.
Key Points:
– The vulnerability allowed unauthorized access to sensitive data without user consent
– Affected areas included Health data, microphone, camera, and personal files
– The flaw has been patched in iOS 18, iPadOS 18, and macOS Sequoia 15
Technical Details:
The exploit worked by:
– Intercepting file operations within the Files app
– Manipulating symlinks to redirect files
– Using the elevated privileges of the fileproviderd daemon
– Accessing data under “/var/mobile/Library/Mobile Documents/”
Impact and Limitations:
– Bypassed TCC framework without triggering user alerts
– Access level dependent on system process privileges
– Data protected by UUID folders remained unaffected
– Required a malicious app to be pre-installed
Additional Security Updates:
Apple simultaneously addressed:
– Four WebKit vulnerabilities
– Audio system vulnerability (CVE-2024-54529)
– Safari privacy issue with Private Relay (CVE-2024-44246)
The patch implements improved symlink validation to prevent future exploitation of this security weakness.