0Day: macOS privacy protections bypass

Last year, Apple expanded its security vulnerability program to include macOS along with the iPhone. However, according to at least one researcher, the δεν ενεργεί αρκετά γρήγορα σε ορισμένα .

Developer Jeff Johnson notified Apple of an exploit that allows an attacker to steal private data with a Safari clone six months ago.

If a user is tricked into downloading the malicious file, the Safari clone provides unauthorized access to macOS. Any restricted files available in Safari are immediately available to the attacker.

Johnson explains that the exploit works because Apple's Transparency, Consent, and Control privacy protection feature performs insufficient checks on the authenticity of a file. This means that the modified of Safari can run without the aforementioned protection enabled.

And yes, exploit also works in the current macOS 11 Big Sur beta.

Johnson says Apple told him they're still investigating , after initially telling him it would be fixed in the spring of 2020. Of course, the world is currently engulfed by an ongoing pandemic, and workers around the world are operating through , which justifies delays.

Hopefully the will be settled once Big Sur goes public. For more on how the exploit works, you can see Johnson's post from here.

iGuRu.gr The Best Technology Site in Greecefgns

every post, directly to your

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).