Skip to main content

Critical MacOS Mojave vulnerability bypasses system security

macOS Mojave desktop
macOS Mojave is Apple’s latest operating system. Image used with permission by copyright holder

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

[0day] Bypassing Mojave's Privacy Protections

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

As usual for such a discovery, Apple has yet to comment on the vulnerability, so our eyes will be tied to future OS updates, looking for a bug fix. As MacOS Mojave was only officially launched September 24, the finding is indeed considered a ‘day-zero’ vulnerability, and we hope that Apple will jump to address the problem as soon as possible.

For fellow security researchers who want to know more details about the attack, Wardle will be speaking about the bug at the upcoming Mac security conference ‘Objective by the Sea,’ hosted in Hawaii in November. For the rest of us, we are in Apple’s hands until the security vulnerability is patched.

Editors' Recommendations

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
These are the 10 settings I always change on a new Mac
A MacBook Air on a desk with an open book in front of it.

Every time I buy a new Mac, there are a bunch of settings I change to improve the macOS experience. Some are quick tweaks that solve minor annoyances, while others are vital changes that make my Mac safer, faster, or just plain better.

I recently wrote about a few key settings to change in macOS Sonoma, but the ones contained in the article you’re perusing now aren’t just for Apple’s latest operating system. Whether you’re running an earlier version of macOS or are reading this long after Sonoma has become old news, there are plenty of macOS settings you can adjust to get more from your Mac.
Turn on FileVault

Read more
This simple app changed how I use my Mac forever
The Paste Mac app, with its clipboard bar open and the Paste homepage in Safari.

Every time I sit down and use my Mac, I’m reminded that it’s full of advanced features and clever extras. Yet there’s one place that absolutely does not apply: the clipboard. Copying and pasting in 2023 feels like it’s stuck in the past with no prospect of salvation.

At least, it did feel that way until I came across an app called Paste. This superb utility has taken a knife to copying and pasting and made it… fun? I never thought I’d say that about such a mundane task, but here we are -- it’s true.
Stacked with features

Read more
7 key settings in macOS Sonoma you should change right now
A MacBook Pro running macOS Sonoma at Apple's Worldwide Developers Conference (WWDC) in June 2023.

Apple’s macOS Sonoma came loaded with a bunch of great new features, including desktop widgets, video screen savers, and more. With plenty of them, you just need to sit back and enjoy them, without much action required on your part. But that’s not always the case.

Sometimes, you’ll have to change a few settings to enable a new feature. Other times, you might want to disable something that is switched on by default. Either way, it’s often worth diving into macOS Sonoma’s settings to get things how you want them.

Read more