Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files
Researcher Patrick Wardle, who has uncovered many security flaws in Apple's macOS operating system, today shared some details on a new vulnerability that he's found in the newly released macOS Mojave update.
As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.
According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.
"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.
The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.
In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.
Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.
Popular Stories
Apple is set to release iOS 18.2 in December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well.
...
We're officially in the month of Black Friday, which will take place on Friday, November 29 in 2024. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment,...
The first Geekbench 6 benchmark results for the M4 Pro chip surfaced today. Impressively, the results that are available so far show that the highest-end M4 Pro chip is faster than the highest-end M2 Ultra chip in terms of peak multi-core CPU performance.
Here is a comparison of the results:
Mac mini with M4 Pro (14-core CPU): 22,094 multi-core score (average of 11 results)
Mac Studio...
The iPhone SE 4 that's set to come out early next year is expected to debut Apple's first in-house 5G modem, according to Jeff Pu, an analyst who covers companies within Apple's supply chain.
In a research note this week with Hong Kong-based investment firm Haitong International Securities, Pu said Apple is expected to roll out its custom-made 5G modem starting with the next-generation...
With the second beta of iOS 18.2 that's available for developers today, Apple has further fleshed out the ChatGPT integration that's available with Siri. In the Settings app, there's now a section that shows the ChatGPT daily limit, and offers an option to upgrade to the paid ChatGPT Plus plan.
The beta includes an Advanced Capabilities section with a "Daily Limit" reading that shows up as...
Apple's new M4 Pro and M4 Max chips are impressively fast in terms of CPU performance, topping the M2 Ultra, but what about graphics performance?
The first Geekbench 6 results for GPU performance are now available for the M4 Pro and M4 Max, and the Metal scores reveal some impressive year-over-year gains. Based on the Metal scores that are available so far, the M4 Pro and M4 Max are up to...
After a busy October in which Apple announced new Macs and Apple Intelligence launched, the calendar has now turned to November. Below, we outline what to expect from Apple this month as the slower-but-still-busy holiday season approaches.
After seeding the first betas of iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 with additional Apple Intelligence features last month, Apple will likely...
