Zero-day exploit in Mojave lets hackers copy your private data


Why it matters: Apple’s Mojave operating system has only been out for mere hours, and security researchers have already found an exploit that could allow hackers unfettered access to your private information. The flaw uses a hole in Apple’s implementation of a new security feature in macOS making it all the more ironic.

Apple just released the latest version of macOS — Mojave — to the public after testing it in beta since June. Cupertino thinks that the new operating system is ready for primetime, but security researcher Patrick Wardle says “Wait a minute. Not so fast.”

Wardle, who is a prolific spotter of flaws in Apple software, says that he discovered a zero-day exploit in macOS Mojave that would allow hackers access to the user’s address book (among other things) using an unprivileged app. He demonstrated the flaw in a one minute video on Vimeo (below).

Wardle told Bleeping Computer that the security hole is ironically a byproduct of the Apple’s implementation of new privacy protections introduced in Mojave. The new measures require users to give permission for access to things like location data, the address book, message archives, and other private data and files. Wardle discovered a way to bypass that authorization.


Read more here