Last week Apple announced its latest release of MacOs; the “Mojave” release, at the same date a security researcher called “Patrick Wardle” has discovered a privacy bypass bug, this means that all versions of Apple’s MacOs are affected by this bug.
“Mojave's 'dark mode' is gorgeous ,but its promises about improved privacy protections? kinda #FakeNews” That what Patrick started his tweet with on his twitter account.
He even shared a video to show how he managed to exploit the bug and asked if any one know’s any thing about apple’s bug bounty program.
The following picture and video were taken from his twitter account.
The bug allows the attackers to access the protected files on the system, He “Patrick” even managed to access the contacts using an underprivileged application (without administrator’s permissions).
The following video was taken from his channel on vimeo, it explains how he managed to exploit the bug and access the contacts list on the system.
Wardle has confirmed that the bug affects all modes and version’s of MacOS, not only the dark mode and he also reported the bug to apple. The way apple manages user data protection by forcing apps to ask for user’s permissions to access user’s apps and data isn’t effective any more, with that bug and its bypass the used methodology needs a quick patch to fix the vulnerability.
0 Comments