MacOS Mojave there is “zero day exploit”
According to the researcher, the security of Digital Security Patrick Wardle in the Mojave there is a bug in the protection system, which can potentially endanger the personal data of users.
Described by Patrick flaw allows programs to bypass the built-in protection at the system level and to provide information to users without permission third-party applications.
Apple during WWDC in June 2018 presented advanced security system in macOS that require users to provide detailed permissions to use applications and equipment. In particular, owners Mac, you must allow access to camera, microphone, mail, messages, Safari, Time Machine and iTunes backup, locations, and system cookies when you run macOS Mojave.
In the short video, uploaded to twitter, Wordl demonstrates the bypass of one of these security measures. The first video shows an unsuccessful attempt to access and copy the contacts via the terminal, which is expected in accordance with the security measures Apple. Then Patrick starts a third-party application called “breakMojave” (“сломатьMojave”) to access the address book on the Mac.
Words also said that the exploit is not universal way to bypass security, but noted that the procedure can be used to access the protected data when the user logs on macOS. Thus, the shortage is unlikely to be a serious problem for most Mac owners, but may cause inconvenience in certain situations.
Patrick didn’t leak a way to bypass the protection in the network, and wrote a letter to Apple describing the issue. Surely now, when the problem is identified, the company from Cupertino will clarify all the details and soon the update will release a patch with fixes.