1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Zero-day exploit in Mojave lets hackers copy your private data

By Cal Jeffrey
Sep 24, 2018
Post New Reply
  1. Apple just released the latest version of macOS — Mojave — to the public after testing it in beta since June. Cupertino thinks that the new operating system is ready for primetime, but security researcher Patrick Wardle says “Wait a minute. Not so fast.”

    Wardle, who is a prolific spotter of flaws in Apple software, says that he discovered a zero-day exploit in macOS Mojave that would allow hackers access to the user’s address book (among other things) using an unprivileged app. He demonstrated the flaw in a one minute video on Vimeo (below).

    Wardle told Bleeping Computer that the security hole is ironically a byproduct of the Apple’s implementation of new privacy protections introduced in Mojave. The new measures require users to give permission for access to things like location data, the address book, message archives, and other private data and files. Wardle discovered a way to bypass that authorization.

    “I found a trivial, albeit 100% reliable flaw in their implementation,” he said. The exploit allows an untrusted app to bypass security measures without authorization.

    He says that the exploit does not work with all the privacy protection features in Mojave. For instance, hardware components are secure from this type of attack, but software-based applications such as Calendar are at risk.

    Apple has been notified of the vulnerability and will undoubtedly address it in the first Mojave security patch. Meanwhile, Wardle will not be releasing details regarding the exploit until The Mac Security conference — Objective by the Sea — he has planned for November in Hawaii.

    The flaw seems pretty low-risk as long as you are not running any sketchy apps. If that’s your case, you’re probably okay running Mojave. However, if you use a lot of third-party apps, you might want to hold off on Mojave until Apple gets it patched to be safe.

    Permalink to story.

     
  2. Vrmithrax

    Vrmithrax TechSpot Paladin Posts: 1,467   +500

    *GASP*

    But, according to the fanatics, Apple is the most reliable and secure in the history of ever! How can it have flaws or vulnerabilities? This may rock some worlds!

    /sarcasm

    Seriously, glad somebody is out there running these things through the wringers early in the launch cycle. Hate to imagine the damage that could have been done if it had snuck through and been a gaping security hole for a while.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...