On September 24th, Apple’s finally released its new MacOS Mojave. Mac users have been waiting for this in anticipation. This update comes after a particularly buggy High Sierra. Despite the promise of new privacy updates, a security researcher found a bug in the OS on the very first day.
MacOS Mojave: Zero-Day Bug
Security researcher Patrick Wardle released a minute long clip on Twitter showing the world a new privacy concern in Mojave’s implementation. The zero-day bug allows an attacker to use a malicious app to steal personal data off of the Mac. What makes things even worse is that the app can be unprivileged.
To be clear, Wardle has stated that the bug isn’t a “universal bypass” for Apple’s permission feature. He did, however, show that a malicious app can easily steal protected data while the user is logged in.
What this means for Apple and MacOS Mojave Users
Logically speaking, Apple should be looking into curving the bug as soon as possible. As any Apple-loyal consumer knows, though, the company doesn’t acknowledge vulnerabilities until after it can present the public with a solution.
Despite the zero-day bug, MacOS Mojave users don’t have to give up on their computers just yet. Wardle has said that the bypass he found doesn’t work on all of the new privacy protection features. Users can rest assured knowing that their webcam and mic are safe, as hardware isn’t affected either.
Another good thing about the bug announcement is that Wardle hasn’t released how he managed to bypass the system’s permissions requirement. The chances of your system getting infected with malware that specifically targets these vulnerabilities are still very low.
That being said, it doesn’t seem like Apple’s new MacOS Mojave is starting out better than last year’s High Sierra update.
MacOS Mojave Zero-Day Bug – The Conversation
Look, any OS update will have bugs when it’s first released. The major issue is the lack of a bounty program for Apple’s MacOS. That means that Apple doesn’t really give any security research reason to help the company by finding vulnerabilities in their system.
This has been an ongoing problem with Apple. In fact, they were the last major tech company to implement a bug bounty program for their iOS and WatchOS systems, MacOS not included. This means that Apple doesn’t pay security researchers to report bugs in their MacOS.
MacOS Mojave Zero-Day Bug – Final Thoughts
Fans of Apple and its long list of products don’t have to throw out their devices just yet. Bugs are a normal aspect of a system’s life cycle, and Apple is sure to release a security fix soon. Internet users should be more aware of how they engage with their apps and system. Taking proper preventative measures can stop a lot of attacks from causing serious damage. If you’re using the internet and are worried about data theft, I suggest investing in a credible and trusted VPN service provider. This way, you’ll be making it extra difficult for anyone to access your data or your traffic.