macOS Mojave: Researcher claims to have found new vulnerability

A security researcher has claimed to have found a new vulnerability in the latest version of macOS, just a few hours before the software was scheduled to be released. On Monday, the researcher tweeted a video showing the bypass of a security feature that’s designed to prevent apps from improperly accessing a user’s personal data.

According to the video posted on Twitter by Patrick Wardle, chief research officer at Digita Security, macOS initially refused access to the stored contacts, saying that the “operation was not permitted”. But when the researcher executed an unprivileged script simulating a malicious app, it copied his entire address book to the desktop, thus bypassing the security feature.

However, the bypass does not work with all of the new privacy protection features, and hardware-based components such as the webcam are not affected. The full description of the vulnerability is not available yet, as the researchers plan to share technical details in November at a conference.

Wardle told TechCrunch that his findings are “not a universal bypass” of the feature, but that the bug could allow a malicious app to grab certain protected data, such as a user’s contacts, when a user is logged in.

“The security researcher has just shared a POC (Proof of Concept) and no specific details of how the vulnerability is exploited have been made public. This means that most hackers whether malicious or non-malicious won’t get their hands on how the researcher managed to do it until they get encouraged enough and find it out on their own which is bound to take a good amount of time,” said Ankush Johar, Director at Infosec Ventures.

As the researcher has said that he will present the vulnerability at a conference, it is extremely probable that he will report the bug to Apple and make sure Apple patches it before he presents it, as this is the generally expected flow after finding a zero-day and going public with it.

It’s completely obvious that Apple does a rigorous amount of security testing before releasing an update but this incident just goes on to show the power of crowd-sourced security, said Johar.
