A security flaw has been unearthed in macOS Mojave, Apple’s latest desktop OS update, by a well-known security researcher Patrick Wardle.
As reported by Bleeping Computer, Wardle has discovered a bypass flaw in macOS Mojave using which hackers can gain access to contacts data from the address book with the help of an app that does not have the required permissions.
Wardle demonstrated how he exploited the vulnerability in a video.
According to Wardle, the vulnerability exists because of the way Apple has implemented the new privacy protection mechanisms in the new macOS.
“I found a trivial, albeit 100% reliable flaw in their implementation,” said Wardle.
The bypass flaw has not affected hardware components like webcam and all the privacy protection features. Focusing more on security, Apple has made certain changes in its privacy protections. Now, apps need to obtain permissions from users if access to resources such as location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, etc., is required.
Wardle will reveal more details about the security flaw in November during the Mac Security Conference to be held in Hawaii. Meanwhile, Apple is expected to patch the flaw in the upcoming updates of macOS Mojave.