Researcher finds vulnerability in macOS Mojave that circumvents privacy protection
A security researcher has found a way to bypass the privacy protection of Apple’s macOS 10.14 Mojave. In a video, he shows how he can copy the address book, without permission.
Security researcher Patrick Wardle, founder of the company Digita Security, shows in a video how he wants to access the address book via Terminal and how via the doll -up permission is denied. Terminal then neatly states that data from Contacts can not be copied, because there is no permission.
After running his Mojave Privacy Bypass application, he manages to copy the addresses. Opposite Bleep Computer he calls the vulnerability trivial, but one hundred percent reliable. According to him there are malicious applications that can access sensitive data without the required authorization.
The details of his method is not yet known. He does so at his conference on Mac security in November, in Hawaii. Wardle has informed Apple about the problem. Apple released macOS Mojave Monday. The operating system extends Gatekeeper’s privacy protection to include Mail, Messages, Safari browsing data and backups. Contacts already fell under the protection, which keeps track of which apps have been given permission to access the data.
Apple has solved a large number of security problems at macOS 10.14 Mojave .