0Day: macOS privacy protections bypass

Last year, Apple expanded its security vulnerability program to cover macOS as well as the iPhone. However, according to at least one researcher, the company is not acting fast enough on some exploits.

Six months ago, developer Jeff Johnson informed Apple about one that allows an attacker to steal private data using a malicious Safari clone.

If a user is tricked into downloading the malware, the Safari clone provides unwarranted access on macOS. Any restricted files that are available in Safari become immediately available to the attacker.

Johnson explains that the exploit works because Apple's Transparency, Consent, and Control privacy feature performs insufficient authentication of a file. This means that the modified version of Safari can run without the aforementioned protection enabled.

And yes, the exploit also works in the current macOS 11 Big Sur beta.

Johnson says Apple told him they were still investigating the problem, after initially telling him it would be fixed in the spring of 2020. Of course, people are currently overwhelmed by an ongoing pandemic and workers around the world are working online, something that justifies delays.

Hopefully the bug will be fixed once Big Sur goes public. For more on how the exploit works, see Johnson's post.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
