Skip to main content
  1. Home
  2. Computing
  3. News

Critical MacOS Mojave vulnerability bypasses system security

Michael Archambault
By
macOS Mojave desktop
macOS Mojave is Apple’s latest operating system. Image used with permission by copyright holder

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

Recommended Videos

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

[0day] Bypassing Mojave's Privacy Protections

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

Related

As usual for such a discovery, Apple has yet to comment on the vulnerability, so our eyes will be tied to future OS updates, looking for a bug fix. As MacOS Mojave was only officially launched September 24, the finding is indeed considered a ‘day-zero’ vulnerability, and we hope that Apple will jump to address the problem as soon as possible.

For fellow security researchers who want to know more details about the attack, Wardle will be speaking about the bug at the upcoming Mac security conference ‘Objective by the Sea,’ hosted in Hawaii in November. For the rest of us, we are in Apple’s hands until the security vulnerability is patched.

Editors' Recommendations

Topics
Michael Archambault
Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Apple just announced the dates for WWDC 2024
WWDC 2024 banner.

Apple has just announced the dates for its Worldwide Developers Conference (WWDC) 2024. WWDC will take place from June 10 through June 14, 2024. A special event will be held at Apple Park in Cupertino, California, on June 10, and we expect to see the reveal of iOS 18, iPadOS 18, watchOS 11, tvOS 18, macOS 15, and visionOS 2.

WWDC will be free for all developers online. Developers will be able to access a variety of online sessions and labs that will showcase the latest advancements in software across all of Apple’s hardware.

Read more
Apple quietly backtracks on the MacBook Air’s biggest issue
The MacBook Air on a white table.

The new MacBook Air with M3 chip not only allows you to use it with two external displays, but it has also reportedly addressed a storage problem that plagued the previous M2 model. The laptop now finally has much faster storage performance since Apple has switched back to using two 128GB NAND modules instead of a single 256GB module on the SSD drive.

This was discovered by the YouTuber Max Tech, who tore down the entry-level model of the MacBook Air M3 with 8GB of RAM and 256GB of storage. In his tests, thanks to the two NAND modules, the M3 MacBook Air is nearly double faster than the M2 MacBook Air. Blackmagic Disk Speed tests show that the older M2 model with the problematic NAND chip had a 1584.3 Mb/s write speed, and the newer M3 model had 2108.9 Mb/s for the M3 model, for a 33% difference. In read speeds, it was 1576.4 Mb/s on the old model and 2880.2 Mb/s on the newer model.

Read more
The 6 best ways Macs work with your other Apple devices
A person holds an iPhone in front of a MacBook.

One of the best things about using more than one Apple device is the way they interact with each other. Apple has built all kinds of clever features into its famous ecosystem, and it means your devices all work together in a way that you just don’t get from any other manufacturer.

AirDrop might be the ultimate expression of this, though that's fairly well-known. Here, we’ve picked out six other great ways your Mac works with other Apple products. Most require you to have Bluetooth and Wi-Fi enabled, as well as for you to be using the same Apple ID on all your devices. Check the System Settings app on your devices to make sure the specific features are enabled, although most should be by default.

Read more