0-day vulnerability affects all versions of MacOs

Last week Apple announced its latest release of MacOs; the Mojaverelease, at the same date a security researcher called Patrick Wardlehas discovered a privacy bypass bug, this means that all versions of Apples MacOs are affected by this bug.

Mojave's 'dark mode' is gorgeous ,but its promises about improved privacy protections? kinda #FakeNewsThat what Patrick started his tweet with on his twitter account.
He even shared a video to show how he managed to exploit the bug and asked if any one knows any thing about apples bug bounty program.
The following picture and video were taken from his twitter account.

The bug allows the attackers to access the protected files on the system, He “Patrick” even managed to access the contacts using an underprivileged application (without administrator’s permissions).
The following video was taken from his channel on vimeo, it explains how he managed to exploit the bug and access the contacts list on the system.

Wardle has confirmed that the bug affects all modes and version’s of MacOS, not only the dark mode and he also reported the bug to apple. The way apple manages user data protection by forcing apps to ask for user’s permissions to access user’s apps and data isnt effective any more, with that bug and its bypass the used methodology needs a quick patch to fix the vulnerability.

Post a Comment