Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files
Researcher Patrick Wardle, who has uncovered many security flaws in Apple's macOS operating system, today shared some details on a new vulnerability that he's found in the newly released macOS Mojave update.
As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.
According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.
"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.
The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.
In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.
Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.
Popular Stories
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another eight months, there are already plenty of rumors about the devices.
Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of January 2026:
The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras
Under-screen Face ID...
Apple plans to upgrade the iPad mini, MacBook Pro, iPad Air, iMac, and MacBook Air with OLED displays between 2026 and 2028, according to DigiTimes.
Bloomberg's Mark Gurman previously reported that the iPad mini and MacBook Pro will receive an OLED display as early as this year, but he does not expect the MacBook Air to adopt the technology until 2028 at the earliest.
A new iPad Air is...
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store.
The charts below provide an overview of Apple's current and previous trade-in values in the United States, according to the company's website. Most of the values declined slightly, but some of the Mac values increased.
iPhone
...
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps.
The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future.
To set up the...
iOS 27 is still many months away, but there are already plenty of rumors about new features that will be included in the software update.
The first beta of iOS 27 will be released during WWDC 2026 in June, and the update should be released to all users with a compatible iPhone in September.
Bloomberg's Mark Gurman said that iOS 27 will be similar to Mac OS X Snow Leopard, in the sense...
