Last year, Apple expanded its security bug bounty program to include macOS along with the iPhone. However, according to at least one researcher, the company is not acting quickly enough on some exploits.
Developer Jeff Johnson informed Apple six months ago of an exploit that allows an attacker to steal private data using a malicious Safari clone.
If a user is tricked into downloading the malicious file, the Safari clone provides unauthorized access to macOS. Any restricted files available in Safari are immediately available to the attacker.
Johnson explains that the exploit works because Apple's Transparency, Consent, and Control privacy protection performs an insufficient check of a file's authenticity. This means that the modified version of Safari can run without triggering the aforementioned protection.
And yes, the exploit also works in the current macOS 11 Big Sur beta.
Johnson says Apple told him they're still investigating the problem, after initially telling him it would be fixed in the spring of 2020. Of course, the world is currently in the grip of an ongoing pandemic, and workers around the world are operating online, which warrants delays.
Hopefully the bug will be fixed once Big Sur goes public. For more on how the exploit works, see Johnson's post.