Critical MacOS Mojave vulnerability bypasses system security

macOS Mojave desktop
macOS Mojave is Apple’s latest operating system.

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

As usual for such a discovery, Apple has yet to comment on the vulnerability, so our eyes will be tied to future OS updates, looking for a bug fix. As MacOS Mojave was only officially launched September 24, the finding is indeed considered a ‘day-zero’ vulnerability, and we hope that Apple will jump to address the problem as soon as possible.

For fellow security researchers who want to know more details about the attack, Wardle will be speaking about the bug at the upcoming Mac security conference ‘Objective by the Sea,’ hosted in Hawaii in November. For the rest of us, we are in Apple’s hands until the security vulnerability is patched.

Product Review

Samsung’s Galaxy Book 2 is a Surface Pro alternative with one big advantage

The 2-in-1 form factor is clearly a big deciding factor for anyone looking to buy a new device, which is why Samsung is again getting in the action this year with the new Galaxy Book 2.
Smart Home

Angee’s security service switches from sales to subscriptions

Angee, a successful startup that raised nearly half a million dollars for its home security hub, has pivoted its business model to offer its home security platform as a subscription rather than a smart home product.
Computing

Apple’s latest feature ensures MacOS apps are safer than ever

MacOS is mythically known for being more immune to viruses than Windows, but that doesn't mean there isn't room to make it safer. Apple is using an app notarization feature to protect users from downloading malicious apps.
Computing

Despite serious security flaws, D-Link will (again) not patch some routers

D-Link revealed that it won't patch six router models despite warnings raised by a security researcher. The manufacturer, for the second time in a span of about a year, cited end-of-life policies for its decision to not act.
Computing

Personal info of 30,000-plus Pentagon employees compromised in contractor breach

The Pentagon is facing another security problem after it was discovered that a contractor was responsible for a leak of data that affected more than 30,000 Pentagon employees, both civilian and military.
Computing

Consider an extended warranty plan if you buy a Surface Pro 6

Though Microsoft offers a standard one-year warranty on the Surface Pro 6, consumers may want to purchase an extended warranty plan if they intend on keeping their tablet longer due to the device's low repairability score.
Computing

'World's best gaming processor'? We put Intel's new i9 through the ringer

Intel has launched the first Core i9 for the average gamer. Despite some controversies around its release, it’s the fastest gaming processor we’ve yet tested.
Computing

Samsung Chromebook Plus V2 vs. Google Pixelbook

Samsung's Chromebook Plus V2 attempts to answer the question: can you spend around half as much as on the premium Google Pixelbook and be happy that you saved some serious cash?
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step by step, whether you're running a MacOS or Windows machine.
Computing

Google Chrome 70 is finally getting a picture-in-picture mode

Picture-in-picture mode is finally coming to Google Chrome 70 on Mac, Linux, and Windows. The feature not only applies to YouTube but also any other website where developers have chosen to implement it.
Computing

Intel's 9th-gen chips could power your next rig. Here's what you need to know

The Intel Core i9-9900K processor was the star of the show for consumers, but a powerful 28-core Xeon processor also led announcements. Here's everything you need to know about the latest Intel chipsets.
Computing

Core i9s and Threadrippers are all powerful, but should you go AMD or Intel?

The battle for the top prosumer CPUs in the world is on. In this head to head, we pit the Core i9 versus the Threadripper to see which is the best when it comes to maximizing multi-core performance on a single chip.
Computing

There’s now proof that quantum computing is superior to the classical variety

For the first time in computer science history, researchers have tangibly demonstrated how a quantum computer is better than a classical computer. A quantum computer was able to solve a math problem that a classical PC cannot.
Computing

In 2018, the rivalry between AMD and Intel has become more interesting than ever

When it comes to selecting a CPU for your PC, there's no shortage of chips for you to choose from. With Ryzen, Threadripper, and Core i9 CPUs though, the AMD vs. Intel argument is muddier than ever.