The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Apple macOS Mojave

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

June 03, 2019Swati Khandelwal
A security researcher who last year bypassed Apple 's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission ("allow" or "deny") from users before accessing sensitive data or components on the system, including the device camera or microphone, location data, messages, and browsing history. For those unaware, 'Synthetic Clicks' are programmatic and invisible mouse clicks that are generated by a software program rather than a human. MacOS itself has built-in functionality for synthetic clicks, but as an accessibility feature for disabled people to interact with the system interface in non-traditional ways. So, the feature is only available for Apple-approved apps, preventing ma
Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel

Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel

March 04, 2019Mohit Kumar
Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel allows an attacker to manipulate filesystem images without informing the operating system. The flaw could eventually allow an attacker or a malicious program to bypass the copy-on-write (COW) functionality to cause unexpected changes in the memory shared between processes, leading to memory corruption attacks. Copy-On-Write, also referred to as COW, is a resource-management optimization strategy used in computer programming. In general, if any process (destination) requires a file or data that is already in the memory but created by another process (source), both processes can share the
New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History

New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History

February 12, 2019Wang Wei
A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave, including macOS Mojave 10.14.3 Supplemental update released on February 7. Certain folders in macOS Mojave have restricted access that is forbidden by default, like ~/Library/Safari, which can be accessed by only a few applications, such as Finder. However, Johnson discovered a way to bypass these restrictions in Mojave, allowing applications to access ~/Library/Safari without needing any permission from the user or the system, and read users' web browsing history. "My bypass works with the 'hardened runtime' enabled," Johnson said in a blog post published last week.
ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability

ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability

September 27, 2018Swati Khandelwal
The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data. On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users, which includes a number of new privacy and security controls, including authorization prompts. Mojave 10.14 now pops up authorization prompts that require direct and real user interaction before any unprivileged third-party application can tap into users' sensitive information, such as address books, location data, message archives, Mail, and photos. Patrick Wardle, an ex-NSA hacker and now chief research officer at Digita Security, discovered a zero-day flaw that could allow an attacker to bypass authorization prompts and access users' personal information by using an unprivileged app. Wardle tweeted a video Monday showing how he was able
Apple will let users run iOS apps on macOS

Apple will let users run iOS apps on macOS

June 06, 2018Swati Khandelwal
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforward denied the idea of merging the iPhone and Mac operating systems into one platform, which was being speculated for years. So, Apple made it clear that iOS and macOS will continue to be separate products. Rumors of iOS apps coming to the Mac have been around since 2017, and yesterday at Apple's WWDC 2018 event, Apple senior vice president of software engineering Craig Federighi just confirmed this while concluding his keynote. Though iOS and macOS share similar underlying frameworks, both are separate operating systems with their own separate software libraries, called UIKit used by iOS and AppKit used by macOS, which have made porting iOS apps to Mac difficult, said Federighi. "iOS devices and macOS devices of course are different
All New Privacy and Security Features Coming in macOS 10.14 Mojave

All New Privacy and Security Features Coming in macOS 10.14 Mojave

June 05, 2018Mohit Kumar
At Worldwide Developer Conference 2018 on Monday, Apple announced the next version of its macOS operating system, and it's called Mojave . Besides introducing new features and improvements of macOS 10.14 Mojave—like Dark Mode, Group FaceTime, Dynamic Desktop, and Finder—at WWDC, Apple also revealed a bunch of new security and privacy features coming with the next major macOS update. Apple CEO Tim Cook said the new features included in Mojave are "inspired by pro users, but designed for everyone," helping you protect from various security threats. Here's a list of all macOS Mojave security and privacy features: Safari's Enhanced "Intelligent Tracking Prevention" It's no longer shocking that your online privacy is being invaded, and everything you search online is being tracked—thanks to third-party trackers present on the Internet in the form of social media like and sharing buttons that marketers and data brokers use to monitor web use
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.