Apple's Safari Has a Security Glitch

Last month, Apple launched macOS Sequoia with exciting new features. But alongside these perks, the update also included a lengthy patch for security flaws. Surprisingly, one of these flaws was found by Microsoft. This discovery is significant, especially for users of Macs managed by organizations. The issue is with Safari's ability to access your Mac's address book, camera, and microphone without the usual security check-ins. Normally, Apple’s Transparency, Consent, and Control (TCC) platform ensures that apps need permission to access these things. Safari, however, has a special pass, which Microsoft exploited.

Here’s how it works: By moving a Safari directory to a different location, you can tweak sensitive files. When Safari looks for these files later, it pulls from the modified ones you set. This trick allows you to sidestep the TCC protections and potentially misuse the camera or access location info on the Mac. Microsoft suggests several scenarios where this could be dangerous. Hackers might take photos or videos, record audio, or run Safari undetectably. But here’s the catch: Only devices managed by an organization's IT service, known as MDM-managed Macs, are at risk. Personal Macs are safe from this specific flaw. Apple mentions this issue briefly in its macOS Sequoia security notes. While the flaw is serious, it's limited to those specific Macs. So, if you have a work or school Mac, be sure to get the update. This quick fix ensures your webcam, microphone, and location are protected from potential snoops.

Apple's Safari Has a Security Glitch—But Who's Affected?

Actions