2 min Security

macOS Mojave available today, but with vulnerability

macOS Mojave available today, but with vulnerability

Today, Apple released the public release of macOS 10.14 Mojave. However, contrary to what we are used to from the company, there is a major safety flaw. As a result, people who update their system are now vulnerable to hacks.

That puts security guard Patrick Wardle against Bleeping Computer. The vulnerability lies in the dark mode that has been introduced in this new version of the operating system. That makes it possible for hackers to crack a macOS device.

Easy to exploit

According to Wardle, the vulnerability can be exploited via an unverified app. This would give hackers easy access to privacy-sensitive data around users. Wardle did not want to tell exactly which app it is, or the way the hack works.

However, he did demonstrate how he could easily access the overview of all the contacts of a user. He did this by running a program called breakMojave, after which it turned out to be very easy to steal the data. The bypass does not work for all functions within Mojave: for example, the built-in webcam and some other hardware components are completely safe.

Wardle says he tried to contact Apple about the vulnerability. The company didn’t respond, but it seems that the vulnerability already existed in beta versions of the software.

MacOS Mojave

Mojave was announced on June 4 and was released as a beta release later that month. New features include an enhanced Finder and Quick Look, where a sidebar displays metadata around images, videos, documents and files, among other things. Apple has also combined Quicklook with Markup editing software, so that different types of media can be recognized. Most of the other improvements can be found under the bonnet.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.