Zero-day privacy bypass vulnerability found in the newly released Mac OS Mojave
By MYBRANDBOOK
A security researcher has claimed to have found a new vulnerability in the latest version of Mac OS that too just a few hours before the software was scheduled to be released.The researcher had tweeted a video on Monday that showed the bypass of a security feature that’s designed to prevent apps from improperly accessing a user’s personal data.
What did the researcher show in the video?
According to the video that was posted on Twitter, it can be seen that the MacOS initially refused access to the stored contacts saying that the “operation was not permitted”. But when the researcher executed an unprivileged script simulating a malicious app, it copied his entire address book to the desktop thus bypassing the security feature.
However, the bypass does not work with all of the new privacy protection features and hardware-based components such as the webcam are not affected. The entire description of the vulnerability is not available yet, as the researchers plan to share technical details in November at a conference.
The security researcher has just shared a POC(Proof of Concept) and no specific details of how the vulnerability is exploited have been made public. This means that most hackers whether malicious or non-malicious won’t get their hands on how the researcher managed to do it until they get encouraged enough and find it out on their own which is bound to take a good amount of time.
As the researcher has said that he would be presenting the vulnerability in a conference it is extremely probable that he will be reporting the bug to Apple and make sure Apple patches it before he presents it as this is the general expected flow after finding a zero-day and going public with it.
It's completely obvious that Apple does a rigorous amount of security testing before releasing an update but this incident just goes on to show the power of crowd-sourced security.
It may not be possible for individual teams to maintain each and every brick in the wall and check it regularly hence most organisations are shifting to crowd-sourced security models for a single reason - It works!. Crowdsourcing is the aptest form of security in the current meta as it allows app owners to catch the vulnerabilities that slipped through the cracks that too in the most cost and time effective way.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : S KRISHNAN
S Krishnan as the secretary for the electronics and information techno...
ICONS OF INDIA : RISHAD PREMJI
Rishad Premji is Executive Chairman of Wipro Limited, a $11.3 billion ...
ICONS OF INDIA : ROSHNI NADAR MALHOTRA
Roshni Nadar Malhotra is the Chairperson of HCLTech, a leading global ...
LIC - Life Insurance Corporation of India
LIC is the largest state-owned life insurance company in India...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable
Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...
Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks
Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...
Indian Tech Talent Excelling The Tech World - Satya Nadella, Chairman & CEO- Microsoft
Satya Nadella, the Chairman and CEO of Microsoft, recently emphasized ...