Zero-day privacy bypass vulnerability found in the newly released Mac OS Mojave
By MYBRANDBOOK
A security researcher has claimed to have found a new vulnerability in the latest version of Mac OS that too just a few hours before the software was scheduled to be released.The researcher had tweeted a video on Monday that showed the bypass of a security feature that’s designed to prevent apps from improperly accessing a user’s personal data.
What did the researcher show in the video?
According to the video that was posted on Twitter, it can be seen that the MacOS initially refused access to the stored contacts saying that the “operation was not permitted”. But when the researcher executed an unprivileged script simulating a malicious app, it copied his entire address book to the desktop thus bypassing the security feature.
However, the bypass does not work with all of the new privacy protection features and hardware-based components such as the webcam are not affected. The entire description of the vulnerability is not available yet, as the researchers plan to share technical details in November at a conference.
The security researcher has just shared a POC(Proof of Concept) and no specific details of how the vulnerability is exploited have been made public. This means that most hackers whether malicious or non-malicious won’t get their hands on how the researcher managed to do it until they get encouraged enough and find it out on their own which is bound to take a good amount of time.
As the researcher has said that he would be presenting the vulnerability in a conference it is extremely probable that he will be reporting the bug to Apple and make sure Apple patches it before he presents it as this is the general expected flow after finding a zero-day and going public with it.
It's completely obvious that Apple does a rigorous amount of security testing before releasing an update but this incident just goes on to show the power of crowd-sourced security.
It may not be possible for individual teams to maintain each and every brick in the wall and check it regularly hence most organisations are shifting to crowd-sourced security models for a single reason - It works!. Crowdsourcing is the aptest form of security in the current meta as it allows app owners to catch the vulnerabilities that slipped through the cracks that too in the most cost and time effective way.
BREAKING NEWS
TECHNO TRENDS
Legal Battle Over IT Act Intensifies Amid Musk’s India Plans
The outcome of the legal dispute between X Corp and the Indian government c...
Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth
The agreement, executed through Wipro and its 100% subsidiary,...
Centre announces that DPDP Rules nearing Finalisation by April
The government seeks to refine the rules for robust data protection, ensuri...
Home Ministry cracks down on PoS agents in digital arrest scam
Digital arrest scams are a growing cybercrime where victims are coerced or ...
E-Magazine
TECHNOTAINMENT
Hrithik Roshan to endorse RuPay as Brand Ambassador
RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha
India Today Group launches – AI Pop Stars
Staying true to our industry leadership position in using cutting-edge tech
MOVERS & SHAKERS
TelioLabs ropes in Phaniraj V A as the Group CEO
TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE
Wipro Appoints Amit Kumar as Managing Partner and Global Head
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s
OPEN YOUR EYES
INTERVIEWS
Alpha Max offers high end solutions in the network space to en
The vision at Alpha Max is to attain quality as the trademark and create a
Acer addresses evolving customer needs by consistently pushing
Acer offers a comprehensive range of products under one roof, including des
HOT PICK
MSI Announces the availability of RTX 50 series of laptops in
MSI, the innovative computing manufacturer in gaming, creator
Nothing Phone (3a) goes on sale today, starting at Rs 19,999
The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t
MAKE IN INDIA BRANDS
TECHROUTES NETWORK PRIVATE LIMITED
DIGISOL SYSTEMS LTD.
LENOVO INDIA PVT. LTD.
WIPRO LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
ICONS OF INDIA : S KRISHNAN
S Krishnan as the secretary for the electronics and information techno...
ICONS OF INDIA : ROSHNI NADAR MALHOTRA
Roshni Nadar Malhotra is the Chairperson of HCLTech, a leading global ...
PARTNER SPEAKERS
PSU
ITI - ITI LimitedÂ
ITI Limited is a leading provider of telecommunications equipment, sol...
IOCL - Indian Oil Corporation Ltd. Â
IOCL is India’s largest oil refining and marketing company ...
NIC - National Informatics Centre Â
NIC serves as the primary IT solutions provider for the government of ...
VIDEOS
Top 25 Brands
Global Indian industry
Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi
Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporationâ€...
Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies
Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...
Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks
Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...
ITFORUM 2025
CMO of the Year
WOMEN LEADERSHIP
IMAGE GALLERY
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
of images belongs to the respective copyright holders
