Skip to main content

Critical MacOS Mojave vulnerability bypasses system security

macOS Mojave desktop
macOS Mojave is Apple’s latest operating system. Image used with permission by copyright holder

With the launch of a new version of macOS from Apple typically comes a culmination of new features, better performance, and enhanced security. Unfortunately, the previous statement might not necessarily be true as security researcher Patrick Wardle, co-founder of Digita Security, has discovered that MacOS Mojave includes a severe security flaw; the bug is currently present on all machines running the latest version of macOS and allows unauthorized access to a users’ private data.

Wardle announced his discovery on Twitter, showcasing that he could easily bypass macOS Mojave’s built-in privacy protections. Due to the flaw, an unauthorized application could circumvent the system’s security and gain access to potentially sensitive information. With the Twitter post, Wardle also included a one-minute Vimeo video showing the hack in progress.

The short video begins with Wardle attempting to access a user’s protected address book and receiving a message that states the operation is not permitted. After accessing and running his bypass program, breakMojave, Wardle is then able to locate the user’s address book, circumvent the machine’s privacy access controls, and copy the address book’s contents to his desktop — no permissions needed.

[0day] Bypassing Mojave's Privacy Protections

Wardle is an experienced security researcher who has worked at NASA and the National Security Agency in his past; he notes that one of his current passions is finding MacOS security flaws before others have the chance. While it is unlikely Wardle will release the app as a malicious tool, he does want to spread knowledge of its existence so that Apple addresses the issue in a timely fashion.

As usual for such a discovery, Apple has yet to comment on the vulnerability, so our eyes will be tied to future OS updates, looking for a bug fix. As MacOS Mojave was only officially launched September 24, the finding is indeed considered a ‘day-zero’ vulnerability, and we hope that Apple will jump to address the problem as soon as possible.

For fellow security researchers who want to know more details about the attack, Wardle will be speaking about the bug at the upcoming Mac security conference ‘Objective by the Sea,’ hosted in Hawaii in November. For the rest of us, we are in Apple’s hands until the security vulnerability is patched.

Editors' Recommendations

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Here’s why I finally gave up on using Safari on my Mac
A MacBook owner using Google Sheets.

I have a web browser confession to make: I’m an inveterate tab hoarder. I’ve tried to change. I've tried to cull open tabs and tried to resist opening new ones -- but somehow the open tab counter just keeps on rising. At this point, I think I’m beyond saving.

What I’ve learned is that I need a web browser that can accommodate me, that has learned to accept my tab-based failings without judgement or chastisement. And after many years of trying, it turns out that Safari is not that browser.
The tab problem

Read more
As a recent Mac convert, here’s what has surprised me most
Apple MacBook Pro 16 front view showing display and keyboard.

When I transitioned to all-Apple computing, I knew there would be challenges. I assumed there would be many days and weeks of awkwardness before I truly felt at home on my Mac (and iPad, iPhone, and Apple Watch).

That's why it surprised me when I discovered how smooth much of the transition actually was. Here's everything I learned along the way, along with some tips on how I made it as seamless as possible.
Retraining my muscle memory
Both Windows and macOS have various features and functionality that aren't exactly hidden, but aren't entirely intuitive, either. Things like keyboard shortcuts, settings, windows management, and more build up over time. They get burned into our muscle memory, both physically and mentally. Switching to a new platform requires unlearning the old and learning the new.

Read more
Here’s why 2024 is going to be a slow year for the Mac
The 14-inch MacBook Pro with M3 Max chip seen from behind.

We’ve finally made it into 2024, and if you’re of the Apple persuasion, it feels like there’s a huge amount to look forward to this year. Yet that’s not true for everything Apple makes -- in fact, this could be an incredibly quiet 12 months for the Mac.

I recently wrote about how 2024 is going to be packed with major releases from Apple, yet among all the goodies that will be coming our way this year, there’s only one Mac announcement that I’d consider notable for fans of Apple’s computers. And even then, I’m talking about the MacBook Air getting the M3 chip, something the MacBook Pro got back in 2023.

Read more