White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day

Pierluigi Paganini September 25, 2018

The popular macOS expert and former NSA hacker has discovered a zero-day vulnerability in macOS on Mojave ‘s release day.

It is always Patrick Wardle, this time the popular expert and former NSA hacker has found a zero-day flaw in macOS on Mojave ‘s release day.

According to the expert, the implementation bug can be exploited to access sensitive user data, including information in the address book.

The vulnerability resides in the implementation of the privacy-protection mechanisms for sensitive data.

The user data protection measures introduced in macOS Mojave force the users to provide the explicit consent for access sensitive data and files (i.e. location services, contacts, calendars,  photos).

Applications can no longer do this automatically by simulating human input with synthetic clicks. Apple’s latest OS displays an authorization request for direct user interaction.

This is possible by adding them to the system’s Application Data category in the System Preferences, Security & Privacy panel.

Wardle was able to access the sensitive data using an unprivileged app.

“I found a trivial, albeit 100% reliable flaw in their implementation,” he told Bleeping computer.

Wardle explained that the exploitation of the zero-day issue only works on Mojave’s new privacy protection features.

Below the video PoC published by Wardle, it shows the expert that tries to copy the content of the address book and denies the operation when the operating system asks for permission. Wardle then uses an unprivileged app that allows him to access the address book data.

Wardle plans to present technical details of the zero-day flaw in the upcoming Mac Security conference in Maui, Hawaii, in November.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – zero-day, Mojave)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment