Decrypt LOL

macOS Vulnerability CVE-2024-54527 Allows TCC Bypass

🔓 Critical TCC Bypass Vulnerability Discovered in macOS. Security researcher Mickey Jin has revealed a significant vulnerability, CVE-2024-54527, in macOS that allows attackers to bypass Transparency, Consent, and Control (TCC) protections through the MediaLibraryService XPC service. The flaw enables malicious plugins to exploit powerful TCC entitlements, including direct modification of the TCC database. It is particularly concerning because it affects an unprotected plugin path that can be modified without root access. Although Apple has implemented mitigations in newer macOS versions, older binaries remain susceptible. Jin has made the proof-of-concept exploit code publicly available and urges users to update their systems to protect against this threat.
