Cursor app (and others) has a flaw that bypasses Transparency, Consent, and Control protections on macOS

Take action: Update Cursor to version 0.48.7 or later immediately to fix the TCC bypass vulnerability, and avoid granting camera or microphone permissions to code editors unless absolutely necessary. Be very cautious when prompted for permissions, as malware can now disguise itself as legitimate applications like Cursor or Visual Studio Code to trick you into allowing access to your private data.


Learn More

AFINE cybersecurity researcher Karol Mazurek reports vulnerabilities that allow malicious applications to bypass Apple's Transparency, Consent, and Control (TCC) framework on macOS systems.

TCC serves as a privacy protection mechanism that controls application access to sensitive user resources, including files in protected directories such as Desktop, Documents, and Downloads folders, personal data like contacts and calendars, hardware devices including cameras and microphones, and other privacy-sensitive assets.

The research identified systemic weaknesses in third-party applications that let malware circumvent these privacy protections. The vulnerabilities stem from insecure configuration practices in Electron-based applications: leaving the RunAsNode fuse enabled, and shipping misconfigured entitlements that allow code injection into the signed application.

The primary vulnerability affecting Cursor.app is tracked as CVE-2024-45599 (CVSS score 3.8). It allows any program running on an affected macOS machine to access the camera or microphone once Cursor has been granted those permissions. The cause is a dynamic library (dylib) injection weakness: the application's entitlements let the loader honour the DYLD_INSERT_LIBRARIES environment variable, so injected code runs inside Cursor's process and inherits its TCC grants.
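As an added defender-side check (not code from the original article or from Cursor), the script below inspects an app bundle's entitlements for the hardened-runtime pair that makes DYLD_INSERT_LIBRARIES injection possible and reports which TCC-gated devices an injected library would inherit. The entitlement key names come from Apple's hardened-runtime documentation, not from the page; the sample plist is constructed, and the `codesign -d --entitlements :-` invocation is assumed to be available only on macOS.

```python
import plistlib
import subprocess

# Hardened-runtime entitlements that, when both are granted, let any local process
# inject a dylib through DYLD_INSERT_LIBRARIES (the vector described above).
DYLD_ENV = "com.apple.security.cs.allow-dyld-environment-variables"
DISABLE_LIBVAL = "com.apple.security.cs.disable-library-validation"
# TCC-gated hardware the app may hold and an injected library would inherit.
TCC_KEYS = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}

def assess_entitlements(ents: dict) -> dict:
    """Rate a parsed entitlements dictionary for TCC-inheritance risk."""
    injectable = bool(ents.get(DYLD_ENV)) and bool(ents.get(DISABLE_LIBVAL))
    inherited = [name for key, name in TCC_KEYS.items() if ents.get(key)]
    return {
        "injectable": injectable,
        "inherited_tcc": inherited,
        "at_risk": injectable and bool(inherited),
    }

def read_entitlements(app_path: str) -> dict:
    """Dump an installed app's entitlements with codesign (macOS only) and parse them."""
    # ':-' asks codesign to strip the blob header so the output is a plain XML plist.
    out = subprocess.run(
        ["codesign", "-d", "--entitlements", ":-", app_path],
        capture_output=True, check=True,
    ).stdout
    return plistlib.loads(out) if out.strip() else {}

# Constructed entitlements plist for offline demonstration (not Cursor's real one).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""

def assess_sample() -> dict:
    """Run the check over the constructed sample; used when no app path is given."""
    return assess_entitlements(plistlib.loads(SAMPLE_PLIST))

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(assess_entitlements(read_entitlements(target)) if target else assess_sample())
```

Run it as `python3 check_entitlements.py /Applications/Cursor.app` on a Mac to inspect the installed bundle; an `at_risk` result means the app both accepts injected libraries and holds camera or microphone access.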

Cursor versions from 0.45.0 through 0.48.6 are affected by this vulnerability. The issue was partially addressed in version 0.41.0 by separating entitlements between the main process and extension host process, though complete remediation required updates through version 0.48.7. Microsoft Visual Studio Code has identical vulnerabilities through the same attack vector, but Microsoft has reportedly dismissed the issue, stating it "falls outside their threat model."

Two exploitation scenarios are described. In the "Vanilla Scenario", no user interaction is required: malware can exploit the vulnerability when the victim uses the app to open a project in their home directory. In the "Spoofing Scenario", user interaction is required, but malware can present its permission request under the vulnerable application's name, making users more likely to grant access to sensitive resources such as the camera and microphone.