Can You Really Trust That Permission Pop-Up on macOS? (CVE-2025-31250)
a year ago
- #macOS
- #Vulnerability
- #Security
- CVE-2025-31250 allowed macOS permission prompts to be spoofed, displaying as one app while applying consent to another.
- The vulnerability exploited the TCC (Transparency, Consent, and Control) system, which manages macOS permissions.
- Apple Events, an old inter-process communication protocol, was involved in the vulnerability due to its integration with TCC.
- A proof-of-concept demonstrated how to spoof TCC prompts, highlighting the ease of exploiting this flaw.
- The vulnerability could be timed to appear when a user opens a trusted app, increasing the chance of tricking them into granting permissions.
- Previous exploits like $HOMERun and powerdir were referenced, showing historical context for TCC vulnerabilities.
- Apple's patch in macOS Sequoia 15.5 addressed the issue by silently dropping malicious TCC messages.
- The article suggests that while the patch is effective, future vulnerabilities in TCC may still emerge.