Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files
Researcher Patrick Wardle, who has uncovered many security flaws in Apple's macOS operating system, today shared some details on a new vulnerability that he's found in the newly released macOS Mojave update.
As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.
According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.
"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.
The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.
In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.
Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.
Popular Stories
Apple today introduced a new Apple Creator Studio bundle that offers access to six creative apps, as well as exclusive AI features and content, as part of a single subscription. In the U.S., pricing is set at $12.99 per month or $129 per year.
Here are the six apps included with an Apple Creator Studio subscription:Final Cut Pro on the Mac and iPad
Logic Pro on the Mac and iPad
Pixelmator...
Verizon is experiencing a major outage across the U.S. today, with hundreds of thousands of customers reporting issues with the network on the website Downdetector. There are also complaints across Reddit and other social media platforms.
iPhone users and others with Verizon service are generally unable to make phone calls, send text messages, or use data over 5G or LTE due to the outage....
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices.
In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max.
Consistent with previous...
Apple today seeded the second beta of iOS 26.3, nearly a month after the first beta. So far, the update includes a couple of new features for iPhones.
iOS 15.3 through iOS 18.3 were all released in late January over the years, so it is thereby likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer.
Below,...
Apple today released a firmware update for the AirPods Pro 3. The latest firmware has a version number of 8B34, up from the previous version 8B30.
Apple has a support document for AirPods firmware updates, and it indicates that the 8B34 update contains unspecified "bug fixes and other improvements."
No other AirPods models received firmware updates today.
How to install AirPods Pro...
