Zero-day privacy bypass vulnerability found in the newly released Mac OS Mojave
By MYBRANDBOOK
A security researcher has claimed to have found a new vulnerability in the latest version of Mac OS that too just a few hours before the software was scheduled to be released.The researcher had tweeted a video on Monday that showed the bypass of a security feature that’s designed to prevent apps from improperly accessing a user’s personal data.
What did the researcher show in the video?
According to the video that was posted on Twitter, it can be seen that the MacOS initially refused access to the stored contacts saying that the “operation was not permitted”. But when the researcher executed an unprivileged script simulating a malicious app, it copied his entire address book to the desktop thus bypassing the security feature.
However, the bypass does not work with all of the new privacy protection features and hardware-based components such as the webcam are not affected. The entire description of the vulnerability is not available yet, as the researchers plan to share technical details in November at a conference.
The security researcher has just shared a POC(Proof of Concept) and no specific details of how the vulnerability is exploited have been made public. This means that most hackers whether malicious or non-malicious won’t get their hands on how the researcher managed to do it until they get encouraged enough and find it out on their own which is bound to take a good amount of time.
As the researcher has said that he would be presenting the vulnerability in a conference it is extremely probable that he will be reporting the bug to Apple and make sure Apple patches it before he presents it as this is the general expected flow after finding a zero-day and going public with it.
It's completely obvious that Apple does a rigorous amount of security testing before releasing an update but this incident just goes on to show the power of crowd-sourced security.
It may not be possible for individual teams to maintain each and every brick in the wall and check it regularly hence most organisations are shifting to crowd-sourced security models for a single reason - It works!. Crowdsourcing is the aptest form of security in the current meta as it allows app owners to catch the vulnerabilities that slipped through the cracks that too in the most cost and time effective way.
BREAKING NEWS
TECHNO TRENDS
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
E-Magazine
TECHNOTAINMENT
Airtel Xstream Play strengthens regional content library, part
Bharti Airtel (“Airtel”), one of India’s leading telecommunications
ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as
The Enforcement Directorate (ED) has seized businessman Raj Kundra's pro
MOVERS & SHAKERS
Clover Infotech appointed Subham Banerjee as CDO
Clover Infotech has announced the appointment of Subham Banerjee as its Ch
Saviynt ropes in Sanjeevi Kumar as new Sales Director in India
The cloud-native identity and governance platform solutions provider Saviy
OPEN YOUR EYES
INTERVIEWS
ESDS commits to presenting clients with the latest technology
According to a NASSCOM report, the Indian IT industry experienced its stron
CommScope celebrates its 25 years of legacy in India by contin
A strong brand must also reflect the company values and speak exactly what
HOT PICK
COLORFUL rolls out an array of gaming laptops
COLORFUL launched its incredible series of COLORFUL EVOL P15 gaming laptop
Dell Technologies launches new AI-powered commercial PC portfo
Dell Technologies has launched the broadest portfolio of commercial AI lap
MAKE IN INDIA BRANDS
DRUVA SOFTWARE PVT. LTD.
ZOHO CORPORATION PVT. LTD.
SAFE SECURITY SERVICES PVT. LTD.
RELIANCE JIO INFOCOMM LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Technology Icons Of India 2023: B.V.R. Subrahmanyam
B.V.R. Subrahmanyam belongs to Andhra Pradesh. He is a 1987-batch IAS ...
Technology Icons Of India 2023: Amitabh Kant
Amitabh Kant is presently the G20 Sherpa of India during its Presidenc...
Technology Icons Of India 2023: Roshni Nadar Malhotra
Roshni Nadar Malhotra is an Indian billionaire businesswoman and the c...
PARTNER SPEAKERS
PSU
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
DRDO is India's largest and most diverse research organisation
DRDO is the R&D wing of Ministry of Defence, Govt of India, with a vis...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
VIDEOS
Top 25 Brands
Value-Added Distribution
INFLOW TECHNOLOGIES PVT. LTD.
Inflow Technologies is a niche player in the IT Infrastructure Distrib...
Crayon Software Experts India Pvt Ltd
Crayon helps its customers build the commercial and technical foundati...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
ITFORUM 2024
WIITF 2024
CMO of the Year
WOMEN LEADERSHIP
EMINENT CIO's OF INDIA
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
