ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability
Sep 27, 2018
The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data. On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users, which includes a number of new privacy and security controls, including authorization prompts. Mojave 10.14 now pops up authorization prompts that require direct and real user interaction before any unprivileged third-party application can tap into users' sensitive information, such as address books, location data, message archives, Mail, and photos. Patrick Wardle, an ex-NSA hacker and now chief research officer at Digita Security, discovered a zero-day flaw that could allow an attacker to bypass authorization prompts and access users' personal information by using an unprivileged app. Wardle tweeted a video Monday showing how he was able