Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files

by

Researcher Patrick Wardle, who has uncovered many security flaws in Apple's macOS operating system, today shared some details on a new vulnerability that he's found in the newly released macOS Mojave update.

As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.


According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.

"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.

The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.

In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.

macosmojaveprivacy
Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.

Related Forum: macOS Mojave

Popular Stories

carplay next gen hero

RIP, CarPlay 2?

Sunday December 29, 2024 7:32 am PST by
Apple's website continues to state that the first vehicle models with next-generation CarPlay will "arrive in 2024." With less than three days remaining in the year, however, that timeframe is looking more and more unlikely. It would not be entirely Apple's fault if the stated 2024 target is missed, given that it is ultimately up to automakers to roll out the software in vehicles, but it is...
Read Full Article
Apple Intelligence General Feature 2

Five Apple Intelligence Features Coming in 2025

Friday December 27, 2024 2:43 pm PST by
Even though iOS 18.1 and iOS 18.2 added multiple Apple Intelligence features like Image Playground, Genmoji, Writing Tools, and more, there are still new Apple Intelligence capabilities that we're waiting on. Apple has at least one more major Apple Intelligence update coming in 2025, and the functionality that we're expecting is outlined below. Priority Notifications Notification summaries...
Read Full Article112 comments
apple tv plus teaser

Apple Teases Apple TV+ Surprise on January 4 and 5

Thursday December 26, 2024 10:35 am PST by
Apple this week began teasing some kind of upcoming Apple TV+ surprise that's set to happen on January 4 and January 5, telling customers to "stay tuned" and "save the date" in social media posts. Apple's images have a tagline that says "See for yourself," but it isn't clear what Apple has planned. Some users on Reddit have speculated that Apple might be planning to launch a promotion that...
Read Full Article58 comments
New Things Your iPhone Can Do in iOS 18

22 New Things Your iPhone Can Do in iOS 18.2

Monday December 23, 2024 6:30 am PST by
Apple released iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. Apple has added a handful of new non-AI related feature controls as...
Read Full Article28 comments
Sudoku Apple News iOS 18

iOS 18.2 Added a New Game to Your iPhone

Saturday December 28, 2024 12:03 pm PST by
Starting with iOS 18.2, released earlier this month, Apple News+ subscribers in the U.S. have access to daily sudoku puzzles in the Apple News app. There are easy, moderate, and challenging difficulty levels for the daily puzzles. A scoreboard tracks your sudoku stats, including your total number of puzzles solved, fastest completion times per difficulty level, and more. Sudoku is the...
Read Full Article
AirTag and Lavender iPhone

AirTag 2 Launching Next Year With These New Features

Tuesday December 24, 2024 8:35 am PST by
Apple is expected to release an AirTag 2 next year, and a few new features and changes have already been rumored for the item tracker. Below, we recap what to expect from the AirTag 2: The new AirTag is expected to be equipped with Apple's second-generation Ultra Wideband chip for longer range. The chip debuted last year in the iPhone 15 and the Apple Watch Ultra 2, and Apple said it...
Read Full Article28 comments
Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
Read Full Article132 comments
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Monday December 23, 2024 4:18 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
Read Full Article64 comments

Top Rated Comments

SecuritySteve Avatar
SecuritySteve
82 months ago
As a security researcher professional, this is entirely inappropriate. He should have contacted Apple during the beta release cycle and gotten it fixed. If Apple needs more time to fix it, and is aware of the issue, then you keep the vulnerability under wraps so that other hackers do not exploit your vulnerability while it has no fix.

The only reason to publish a vulnerability with no fix is if the vendor WILL NOT FIX the vulnerability. I doubt that is the case here. This Wardle is seeking attention, and should be looked down upon.

See the guys listed here? These are the true professionals, they did it right.

https://support.apple.com/en-us/HT209139
Score: 52 Votes (Like | Disagree)
fokmik Avatar
fokmik
82 months ago
why come forward today and not earlier that Apple can fix this before Mojave release ? i wonder...
Score: 31 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
82 months ago
Why dont they do proper testing?
Yeah they should have a beta program or something with a feedback app, then this would’ve been discovered months ago :rolleyes:
Score: 24 Votes (Like | Disagree)
rafark Avatar
rafark
82 months ago
Why dont they do proper testing? A bit embarrassing for a trillion dollar company.
Score: 21 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
82 months ago
It requires the Mac to be unlocked in the first place, so this isn’t the worst security flaw in the world.
Score: 11 Votes (Like | Disagree)
MacDawg Avatar
MacDawg
82 months ago
Oh goodie, now we can have all of the usual suspects flock here to take a **** on Apple
Score: 10 Votes (Like | Disagree)
Read All Comments