Apple released the macOS Mojave 10.14 update last night, which brings a number of new features such as Dark Mode, Dynamic Desktop, Stacks, among others. The software update also brings bug fixes and performance improvements, but hours after its release, a security researcher has found a new vulnerability that could leave your data at risk. Also Read - iPhone 12, iPhone 12 Pro India pre-orders start: All exchange, discount offers detailedAlso Read - Apple releases iOS 14.1, iPadOS 14.1 with multiple bug fixes and improvements
According to security researcher Patrick Wardle, the flaw bypasses the operating system s privacy protection and leaves user data like contacts vulnerable. The researcher has also demonstrated how the bypass works in a small one-minute video. When Apple unveiled the macOS Mojave at WWDC 2018, it talked about improved privacy protections but looking at the vulnerability, it is evident that Apple has failed to deliver on its promise. Also Read - iPhone XR available for as low as Rs 37,999: Check offers, specifications and more
With macOS Mojave, Apple has made a major change that will require user consent for apps to access data, contacts, reminders, message history, camera, mail databases and other sensitive information. This should have prevented the vulnerability demonstrated by the security researcher.
Speaking to Bleeping Computer, Wardle said I found a trivial, albeit 100% reliable flaw in their implementation, he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.
Watch: Apple bypass vulnerability discovered by security researcher
The demo video shows how one can quickly and easily access to contacts after Terminal first denied access to the data. About the specifics, Wardle mentioned that he will share the specifics with Apple, and also plans to offer the earned bounty to the charity. He will further share more information at a Mac security conference, Objective by the Sea, in November.