Tuesday, September 25, 2018

Bypass flaw in macOS Mojave allows for access of protected files

With the recent release of macOS Mojave, which Apple introduced at its "Gather round" event, a newly spotted bypass flaw in the desktop software allows security researcher Patrick Wardle to access Contacts data. There is a minute-long clip of the bypass in action, which you can watch at the bottom of this article.

According to a new report from BleepingComputer on a discovery by security researcher Patrick Wardle, a flaw in macOS Mojave allows hackers to access protected and personal files on the system.
“…Wardle says that he was able to access the confidential user contacts via an unprivileged app, meaning that it did not run with administrator permissions.

He says that the zero-day vulnerability stems from the way Apple implemented the protections for various privacy-related data.

“I found a trivial, albeit 100% reliable flaw in their implementation,” he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.”
Wardle plans to share technical details of the bypass in November, so those details, along with others, are not known at the time of this publication. Wardle does note that the bypass does not work against all of the new security measures Apple included in macOS Mojave: the protections for some hardware, including webcams, cannot be bypassed.

The report does not indicate if Apple has already confirmed it will be working on a fix, but it stands to reason the company is already planning on a subsequent software update to address the issue. If that is indeed the case, it would more than likely be a minor software update coming down the pipe.


This will probably lead Apple to take a closer look at its security foundations and seek a fast fix for this flaw.
