On the launch day of macOS 10.14 Mojave, a new flaw has been shared that has to do with bypassing the new operating system’s privacy protections. This leaves supposedly private data like a user’s contacts vulnerable.

Security researcher Patrick Wardle discovered the security flaw in Mojave and demonstrates how the bypass works in a one-minute video.

Wardle notes that Mojave is supposed to come with “improved privacy protections” but that Apple hasn’t fully delivered on that promise. The demonstration video below shows how quickly and easily access to contacts was gained after Terminal was first denied access to the data.

Speaking to Bleeping Computer, Wardle notes that the bypass works consistently.

“I found a trivial, albeit 100% reliable flaw in their implementation,” he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.”

As for the details of the flaw, Wardle is working on sharing specifics with Apple and plans to give any bounty earned to charity. He will also share more about it at Objective By the Sea, a Mac security conference he’s putting together for November.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author