A security researcher shows on Mojave’s release day that Apple’s latest privacy protection implementations in macOS are not sufficiently strong.
In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book.
Talking to BleepingComputer, Wardle says that he was able to access the confidential user contacts via an unprivileged app, meaning that it did not run with administrator permissions.
He says that the zero-day vulnerability stems from the way Apple implemented the protections for various privacy-related data.
“I found a trivial, albeit 100% reliable flaw in their implementation,” he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.
Source: Bleeping Computer