Skip to main content
  1. Home
  2. Computing
  3. News

Critical MacOS Mojave vulnerability bypasses system security

Michael Archambault
By
macOS Mojave desktop
macOS Mojave is Apple’s latest operating system.

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

Related
[0day] Bypassing Mojave's Privacy Protections

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

As usual for such a discovery, Apple has yet to comment on the vulnerability, so our eyes will be tied to future OS updates, looking for a bug fix. As MacOS Mojave was only officially launched September 24, the finding is indeed considered a ‘day-zero’ vulnerability, and we hope that Apple will jump to address the problem as soon as possible.

For fellow security researchers who want to know more details about the attack, Wardle will be speaking about the bug at the upcoming Mac security conference ‘Objective by the Sea,’ hosted in Hawaii in November. For the rest of us, we are in Apple’s hands until the security vulnerability is patched.

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Pro users are already unhappy with the upcoming Mac Pro
mac pro display xdr first look wwdc 2019 hands on 10
Mac Pro 2023: performance, a familiar design, new displays, and more
apple mac pro made in austin tx usa 2019
Apple spring event: massive Mac launch, XR headset, and more
Tim Cook at WWDC 2022.
Apple’s $600 M2 Mac mini obliterates the $6,000 Mac Pro
Apple Mac Mini M1 sitting on a desk.
This 8K monitor has 3D tech that can be viewed from all angles
A BOE 8K display.
Microsoft continues its unabashed embrace of ChatGPT and AI
OpenAI and MIcrosoft logos appear over a computer generated background.
Don’t fall for this Mac Mini M1 deal — buy this instead
apple mac mini m2 deal february 2023 resized
AMD ‘undershipping’ GPUs signals weak PC market
AMD CEO Lisa Su delivering AMD's CES 2023 keynote.
Best Gaming PC Deals: Save on RTX 3070, 3080, 3090 PCs
The Alienware Aurora R10 Ryzen Edition Gaming Desktop, placed on a desk.
Don’t miss this Samsung Galaxy Book 3 Ultra pre-order deal
Someone typing on the Samsung Galaxy Book 3 Ultra.
Experts fear ChatGPT will soon be used in devastating cyberattacks
The ChatGPT name next to an OpenAI logo on a black and white background.
Lenovo’s Surface-style Chromebook just got a big price cut
The new Lenovo Chromebook Duet 5 sitting on a desk.