The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass the new privacy protections in macOS and access sensitive user data using just a few lines of code.
On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users. The update brings a number of new privacy and security controls, among them authorisation prompts.
Mojave 10.14 now pops up authorisation prompts that require direct and real user interaction before any unprivileged third-party application can tap into users’ sensitive information, such as address books, location data, message archives, Mail, and photos.
Patrick Wardle, an ex-NSA hacker and now chief research officer at Digita Security, discovered a zero-day flaw that could allow an attacker to bypass authorisation prompts and access users’ personal information by using an unprivileged app.
Wardle tweeted a video on Monday showing how he was able to bypass the permission requirements on a dark-themed Mojave system by running just a few lines of code simulating a malicious app called “breakMojave,” which allowed him to access the address book and copy it to the macOS desktop.