Only a few hours after its deployment, macOS Mojave is already paying a security breach

While one of Apple's flagship announcements for macOS Mojave precisely concerned the protection of personal data through, in particular, a “Dark Mode”, a security flaw allowing access to some of this data was pointed out. finger by the co-founder of DigitaSecurity. In terms of security, the firm at the apple will therefore have kept its promises only a few hours, since these flaws were discovered on the very day of the deployment of the latest version of macOS.

It was on Vimeo that Patrick Wardle demonstrated that with a command prompt, a handful of seconds is enough to bypass part of the protection system designed by Apple, to finally get his hands on contacts from the address book of the bone. A vulnerability that the person subsequently shared on Twitter . However, it would only allow “limited” access to the user's personal data.

Only a few hours after its deployment, macOS Mojave is already paying a security breach

Bad news for Apple, the latest version of its operating system has a security flaw. This vulnerability would allow “limited” access to personal data.

In an interview with Bleeping Computer Patrick Wardle explained his modus operandi. To get around the user authorization system set up by Apple, the researcher used an application that can be launched without specific authorization. The latter then made it possible to exploit the zero-day flaw. A flaw due to the way in which the brand “ has implemented its protections for various types of private data, ” he said without going into further details.

An advertisement that Apple would have gone well without, but a flaw of moderate severity

Details, however, he plans to give more at a security conference to be held in November. In the meantime, it is clarified that if the flaw discovered is not of absolute gravity, it is valid for anyone seeking to penetrate the protection system. The person concerned describes the said vulnerability as “ trivial, but 100% reliable (…) “. A priori, however, the latter has nothing to do with a universal bug. As stated by CNet US , it would not impact the other data protection features of macOS Mojave.

Note that Patrick Wilson is currently seeking to contact Apple in order to share, in detail, his discovery to the firm. For now, the brand has not yet followed up, but, good prince, the researcher would like to donate the reward that Apple could offer him to a charity.

0 replies on “Only a few hours after its deployment, macOS Mojave is already paying a security breach”