MY BRAND BOOK Zero-day privacy bypass vulnerability found in the newly released Mac OS Mojave

Zero-day privacy bypass vulnerability found in the newly released Mac OS Mojave

By MYBRANDBOOK

A security researcher has claimed to have found a new vulnerability in the latest version of Mac OS that too just a few hours before the software was scheduled to be released.The researcher had tweeted a video on Monday that showed the bypass of a security feature that’s designed to prevent apps from improperly accessing a user’s personal data.

What did the researcher show in the video?

According to the video that was posted on Twitter, it can be seen that the MacOS initially refused access to the stored contacts saying that the “operation was not permitted”. But when the researcher executed an unprivileged script simulating a malicious app, it copied his entire address book to the desktop thus bypassing the security feature.

However, the bypass does not work with all of the new privacy protection features and hardware-based components such as the webcam are not affected. The entire description of the vulnerability is not available yet, as the researchers plan to share technical details in November at a conference.

The security researcher has just shared a POC(Proof of Concept) and no specific details of how the vulnerability is exploited have been made public. This means that most hackers whether malicious or non-malicious won’t get their hands on how the researcher managed to do it until they get encouraged enough and find it out on their own which is bound to take a good amount of time.

As the researcher has said that he would be presenting the vulnerability in a conference it is extremely probable that he will be reporting the bug to Apple and make sure Apple patches it before he presents it as this is the general expected flow after finding a zero-day and going public with it.

It's completely obvious that Apple does a rigorous amount of security testing before releasing an update but this incident just goes on to show the power of crowd-sourced security.

It may not be possible for individual teams to maintain each and every brick in the wall and check it regularly hence most organisations are shifting to crowd-sourced security models for a single reason - It works!. Crowdsourcing is the aptest form of security in the current meta as it allows app owners to catch the vulnerabilities that slipped through the cracks that too in the most cost and time effective way.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

The demand for touch-less services are on huge demand

India Celebrates MSME Day, Focusing Business Continuity During COVID-19 Outbreak

The dangers of phishing are becoming Top Concern for the CEOs

COVID-19 Crisis Leads To Rising Growth Of Enterprise Collaboration Market

Future of Work To Be Fully Dependent Upon Digital Technology

INTERVIEWS

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte

AMD Pensando driving innovation in the DPU architecture space

AMD Pensando stands out in the DPU (Data Processing Unit) market with its u

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

SAFE SECURITY SERVICES PVT. LTD.

POLYCAB INDIA PVT. LTD

TALLY SOLUTIONS PVT. LTD.

TEJAS NETWORKS INDIA PVT. LTD.

EMINENT CIO'S OF INDIA

PRIORITIZING APPROPRIATE DATA MANAGEMENT AND ETHICAL AI IS THE NEED OF THE HOUR

For us, cultivating customer trust amidst for that...

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

HARNESSING THE POWER OF BIG DATA TO GAIN VALUABLE INSIGHTS

A Technology certainly drives innovation and busin...

ICONS OF INDIA

ICONS OF INDIA : SOM SATSANGI

With more than three decades in the IT Sector, Som is responsible for ...

Icons Of India : Dr. Sanjay Bahl

Dr. Sanjay Bahl has around four decades of experience in the ICT indus...

Icons Of India : Girish Mathrubootham

Girish Mathrubootham is the Founder of Freshworks (previously known ...

PARTNER SPEAKERS

Iris Global Services - “The Most Responsive Distributor”

As a company, Iris Global Services is equipped with everything it takes to set...

Aiming To Elevate Value Proposition With Strategic Initiatives

Inflow Technologies leverages data-driven insights to gauge brand awareness an...

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

PSU

NIC - National Informatics Centre

NIC serves as the primary IT solutions provider for the government of ...

IOCL - Indian Oil Corporation Ltd.

IOCL is India’s largest oil refining and marketing company ...

RailTel Corporation of India Limited

RailTel is a leading telecommunications infrastructure provider in Ind...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : AMD

Advanced Micro Devices (AMD) has been a key player in the semiconductor indust...

Most Trusted Brands 2024 : TECH MAHINDRA

Tech Mahindra positions itself as a company that goes beyond just technology, ...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

Global Indian industry

Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM

Arvind Krishna, an Indian-American business executive, serves as the C...

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated

Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY