Skip to content

[New Rule] Potential MacOS TCC Privacy Controls Bypass #764

New issue
New issue
Closed
#765
Closed
[New Rule] Potential MacOS TCC Privacy Controls Bypass#764
#765
Assignees
Samirbous
Labels
OS: macOSRule: NewProposal for new rulev7.12.07.12 rules release package
@Samirbous

Description

@Samirbous
Samirbous
opened on Dec 23, 2020

Description

Identifies the use of sqlite3 to directly modify TCC SQLite database, this may indicate attempts to bypass MacOS privacy controls such as access sensitive resources like system camera, microphone, address book and calendar.

image

Required Info

  • Eventing Sources:
  • Target Operating Systems:
  • Platforms
  • Target ECS Version: x.x.x
  • New fields required in ECS for this?
  • Related issues or PRs

Optional Info

  • References:

Example Data

Metadata

Metadata

Assignees

Labels

OS: macOSRule: NewProposal for new rulev7.12.07.12 rules release package

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions