Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files - MacRumors
Skip to Content

Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files

by

Researcher Patrick Wardle, who has uncovered many security flaws in Apple's macOS operating system, today shared some details on a new vulnerability that he's found in the newly released macOS Mojave update.

As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.


According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.

"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.

The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.

In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.

macosmojaveprivacy
Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.

Related Forum: macOS Mojave

Popular Stories

Apple Wallet

iOS 27 Will Add Two New Apple Wallet Features to Your iPhone

Monday June 1, 2026 12:15 pm PDT by
Apple is set to unveil iOS 27 during its WWDC 2026 keynote on Monday, June 8, and the update will reportedly include two new Apple Wallet features. First, iOS 27 will reportedly let users create their own digital passes by scanning items like movie tickets, concert passes, and gym membership cards. Many apps already offer Apple Wallet passes, but now users will be able to create a custom...
Read Full Article
Dynamic Island iPhone 18 Pro Feature

iPhone 18 Pro Battery Capacities Allegedly Leaked

Tuesday June 2, 2026 1:54 am PDT by
Battery capacities for Apple's upcoming iPhone 18 Pro have allegedly surfaced, and the numbers suggest only a modest increase over the iPhone 17 Pro. According to prolific Weibo-based leaker Digital Chat Station, Apple is testing the iPhone 18 Pro with different battery capacities for the China and U.S. versions of the device, similar to last year's iPhone 17 Pro models. The Chinese model is ...
Read Full Article40 comments
macOS 27 on MacBook Pro

Apple Says macOS 27 Won't Be Compatible With These Macs

Wednesday June 3, 2026 8:29 am PDT by
During WWDC 2025, Apple revealed that macOS 26 Tahoe would be the final major macOS version for Intel-based Macs. macOS 27 will be compatible with Apple silicon Macs only, meaning that you will need a Mac with an M-series chip or a MacBook Neo with an A18 Pro chip in order to install the software update. Apple will unveil macOS 27 during its WWDC 2026 keynote this Monday, June 8, and the...
Read Full Article90 comments

Top Rated Comments

SecuritySteve Avatar
SecuritySteve
101 months ago
As a security researcher professional, this is entirely inappropriate. He should have contacted Apple during the beta release cycle and gotten it fixed. If Apple needs more time to fix it, and is aware of the issue, then you keep the vulnerability under wraps so that other hackers do not exploit your vulnerability while it has no fix.

The only reason to publish a vulnerability with no fix is if the vendor WILL NOT FIX the vulnerability. I doubt that is the case here. This Wardle is seeking attention, and should be looked down upon.

See the guys listed here? These are the true professionals, they did it right.

https://support.apple.com/en-us/HT209139
Score: 52 Votes (Like | Disagree)
fokmik Avatar
fokmik
101 months ago
why come forward today and not earlier that Apple can fix this before Mojave release ? i wonder...
Score: 31 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
101 months ago
Why dont they do proper testing?
Yeah they should have a beta program or something with a feedback app, then this would’ve been discovered months ago :rolleyes:
Score: 24 Votes (Like | Disagree)
rafark Avatar
rafark
101 months ago
Why dont they do proper testing? A bit embarrassing for a trillion dollar company.
Score: 21 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
101 months ago
It requires the Mac to be unlocked in the first place, so this isn’t the worst security flaw in the world.
Score: 11 Votes (Like | Disagree)
MacDawg Avatar
MacDawg
101 months ago
Oh goodie, now we can have all of the usual suspects flock here to take a **** on Apple
Score: 10 Votes (Like | Disagree)
Read All Comments