Zero-Day MacOS Mojave Privacy Bypass Bug Exposes Protected Files

A security researcher discovered a zero-day vulnerability in the MacOS Mojave that allows hackers to access secured system files. This Mojave privacy bypass bug coincided with the date of release of Mac’s latest version. Thus, the bug seemingly affects all Mojave users for now.

Mojave Privacy Bypass Bug Makes Protected Files Vulnerable

Security researcher Patrick Wardle once again came up with a thrilling discovery. He found a zero-day Mojave privacy bypass bug. The zero-day vulnerability found in the latest MacOS allows hackers to access secured files on the system. He shared his discovery in a tweet.

Allegedly, he discovered a flaw that allows an attacker to access the protected files within a system. The researcher could even access contacts using an “unprivileged app” without admin permissions.

Wardle has shared the exploit where he used the app to copy data from the address book in the video shared below.

Apple Yet To Patch The Flaw

Mojave has supposedly restricted user data protections by forcing apps to ask for explicit permissions from users. This includes permissions to access contacts, calendar, location, photos, and other information. This prevents apps from auto-simulating user input. Nonetheless, the recent privacy bypass bug certainly demands a quick patch to avoid any compromise to Mojave’s security feature.

Wardle confirmed in his tweet that he has reported the vulnerability to Apple that affects the latest MacOS Mojave. He further explained that the bug not only affects dark mode, but rather all modes. Wardle has planned to further shed light on this issue in the upcoming Mac Security Conference in November.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients