On the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files
As outlined by BleepingComputer, Wardle discovered that he was able to access Contacts data from the address book using an unprivileged app, as demonstrated in the video below.
According to Wardle, the vulnerability is a result of the way that Apple implemented new macOS privacy protections in the Mojave update.
"I found a trivial, albeit 100% reliable flaw in their implementation," he told us, adding that it allows a malicious or untrusted app to bypass the new security mechanism and access the sensitive details without authorization.The bypass does not work with all of the new privacy protection features in macOS Mojave, and hardware-based components, such as the webcam, are not affected. Full details on the vulnerability are not available yet, as Wardle plans to share technical details in November.
In the macOS Mojave update, Apple made a change that requires explicit user consent for apps to access location data, camera, contacts, calendars, reminders, messages history, Safari data, mail databases, and other sensitive data, which should prevent the vulnerability that Wardle demonstrates.

Apple will undoubtedly address the security flaw discovered by Wardle in an upcoming update to macOS Mojave.
Top Rated Comments
(View all)The only reason to publish a vulnerability with no fix is if the vendor WILL NOT FIX the vulnerability. I doubt that is the case here. This Wardle is seeking attention, and should be looked down upon.
See the guys listed here? These are the true professionals, they did it right.
https://support.apple.com/en-us/HT209139
Why dont they do proper testing?
Yeah they should have a beta program or something with a feedback app, then this would’ve been discovered months ago :rolleyes:I think it is perfect timing. The more attention these issues get the better for consumers. As long as he doesn't sell zero day on blackmarket but shares it with public i am good with it.
Seems like you are more concerned with reputation of the brand Apple than their customers security.
It does not matter that it was Apple, it could have been Microsoft releasing the latest Windows 10 "creator update" or whatever they are flavoring their builds as. If you have knowledge of a vulnerability during beta, you report it during beta and they fix it during beta. It is that simple.
This guy took the time to discover the vulnerability, write an exploit for it that worked, then sat on his hands until release day to make a statement and get publicity. That is what I have an issue with. It was unethical, and unprofessional.
[ Read All Comments ]