
macOS Mojave zero-day bug could be exploited to spill your personal data


sincity


Apple has only just launched macOS Mojave, but a security researcher has already found a vulnerability which allegedly could allow an attacker to leverage a malicious app in order to steal personal data such as contact details from your Mac computer.

Patrick Wardle, who is co-founder of Digita Security, found the zero-day bug which allows for bypassing the operating system’s privacy defenses, and highlighted it on Twitter complete with a video (without going into the details of how it works at this point, for obvious reasons – that can be done post-fix).

The video clip shows Wardle attempting to access the address book on a Mojave system, and failing, before running a script simulating a malicious app, which subsequently allows for access to the address book, and copying the data therein.

The simplicity of this ‘privacy bypass’ is concerning, for sure, with no permissions required to carry out this personal data pilfering.

Hot topic

Presumably we’ll hear a response from Apple on this matter sooner rather than later, as macOS security is obviously a hot topic. As are the defenses of any major operating system, to be fair, but given the year Apple had in 2017 on the security front, with a bewildering bug found in macOS High Sierra, the company will certainly want its software to appear watertight.

For his part, as you can see in the tweet above, Wardle requests details of Apple’s bug bounty scheme for macOS, in order to report the flaw, and potentially bag a reward (which would go to charity, he clarifies).

As you may well have seen, macOS Mojave was unleashed on the world yesterday, and we’ve rounded up all the pertinent details on the refreshed OS here – including the promise of more rigid security.

Mojave also introduces a system-wide dark mode which Wardle praises in his tweet (note that dark mode has nothing to do with the exploit, as some Twitter denizens have inferred from the researcher’s post).

Via Digital Trends
