• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / infosec
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
  • / yourpost
home / News / 0Day: macOS privacy protections bypass

0Day: macOS privacy protections bypass

01/07/2020 07:45 by giorgos

Last year, Apple expanded its security vulnerability to include macOS with the iPhone. However, according to at least one researcher, the company is not acting fast enough on some exploits.

Developer Jeff Johnson informs Apple of an exploit that allows an attacker to steal private data with a malicious Safari clone six months ago.

If a user is tricked into downloading the malicious file, the Safari clone provides unauthorized access to macOS. Any restricted files available in Safari are immediately available to the attacker.0day - 0Day: macOS privacy protections bypass

Johnson explains that exploit works because Apple's Transparancy, Consent, and Control privacy protection function insufficiently checks the authenticity of a file. This means that the modified version of Safari can run without activating the aforementioned protection.

And yes, exploit also works in the current macOS 11 Big Sur beta.

Johnson says Apple told him they were still investigating the problem, after initially telling him it would be fixed in the spring of 2020. Of course, people are currently flooded with an ongoing pandemic and workers around the world are working online, something justifying delays.

Hopefully the bug will be fixed once Big Sur goes public. For more on how exploit works, see Johnson's post from here.

0Day: macOS privacy protections bypass was last modified: 1 July, 2020, 7: 45 am by giorgos

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: Newstag: 0day, macos, privacy protections bypass

You May Also Like

Zero-day bug in Windows 7 and Windows Server 2008
Chrome 86.0.4240.198 fixes two new 0day
Chrome 0day CVE-2020-16009 update immediately

About Us giorgos

George still wonders what he's doing here ...

Previous Post: « Windows 10 - Server: Emergency security updates
Next Post: Windows 10 because they say Wi-Fi network "is not secure" Wi-Fi »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loading Cancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.