On the launch day of macOS 10.14 Mojave, a new flaw has been shared that has to do with bypassing the new operating system’s privacy protections. This leaves supposedly private data like a user’s contacts vulnerable.
Security researcher Patrick Wardle discovered the security flaw in Mojave and demonstrates how the bypass works in a one-minute video.
Wardle notes that Mojave is supposed to come with “improved privacy protections” but that Apple hasn’t fully delivered on that promise. The demonstration video below shows how quickly and easily access to contacts was gained after Terminal was first denied access to the data.
Speaking to Bleeping Computer, Wardle notes that the bypass works consistently.
“I found a trivial, albeit 100% reliable flaw in their implementation,” he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.”
As for the details of the flaw, Wardle is working on sharing specifics with Apple and plans to give any bounty earned to charity. He will also share more about it at Objective By the Sea, a Mac security conference he’s putting together for November.