Privacy Flaw in macOS Allows Safari Clone to Run With Full Access
A privacy flaw in macOS discovered by developer Jeff Johnson allows full access to private files within Safari's app folders. The zero-day exploit can give a Safari clone app full access to the user's files; if the user is tricked into using the clone, a hacker could steal their information. The bug was first reported to Apple in December 2019, and impacts macOS 10.14 and later operating system versions.
The flaw, reported by developer Jeff Johnson, exists in the privacy protections system called TCC (Transparency, Consent, and Control) in macOS, which is supposed to prevent unauthorized apps from accessing protected files on your Mac. TCC superficially checks the code signature of an app, and grants exceptions based on its bundle identifier. This means that a hacker can theoretically make a clone of the Safari app, place it in a different location on the Mac and modify it to steal information. Due to the privacy protections flaw, the cloned Safari app will still be able to access the private data that the original Safari app has access to.
Although the issue was initially reported in December 2019, when Apple launched its Bug Bounty Program, it has been over 6 months and the flaw remains unresolved. Apple has released many macOS Catalina updates since then and none of them have fixed this issue. Based on the status of the bug fix provided by Apple, Jeff believes that even macOS Big Sur has this issue and he does not expect Apple to fix it anytime soon.
The only workaround for now is to ensure that you only install software from reliable sources such as the Mac App Store.
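Because the exception is tied to the bundle identifier, one check a defender can run is an inventory of app bundles that claim Safari's identifier from an unexpected location. The following is an added example, not code from the article or from Jeff Johnson; the identifier `com.apple.Safari`, the expected install path and the constructed directory tree are assumptions made for the illustration.

```python
import plistlib
import tempfile
from pathlib import Path

SAFARI_ID = "com.apple.Safari"  # assumption: Safari's bundle identifier


def bundle_identifier(app):
    """Return CFBundleIdentifier from Contents/Info.plist, or None if unreadable."""
    try:
        with open(Path(app) / "Contents" / "Info.plist", "rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except Exception:  # missing, malformed or non-dictionary plist
        return None


def find_clones(root, bundle_id, expected):
    """List .app bundles under root that claim bundle_id but are not in expected."""
    root = Path(root).resolve()
    allowed = {(root / rel).resolve() for rel in expected}
    hits = []
    for app in sorted(root.rglob("*.app")):
        if app.is_dir() and bundle_identifier(app) == bundle_id:
            if app.resolve() not in allowed:
                hits.append(app.relative_to(root).as_posix())
    return hits


def demo():
    """Build a constructed directory tree and scan it (no real apps involved)."""
    sample = {  # constructed sample: bundle path -> identifier in its Info.plist
        "Applications/Safari.app": SAFARI_ID,
        "Applications/Notes.app": "com.example.notes",
        "Users/demo/Downloads/Safari.app": SAFARI_ID,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, ident in sample.items():
            contents = Path(tmp, rel, "Contents")
            contents.mkdir(parents=True)
            with open(contents / "Info.plist", "wb") as fh:
                plistlib.dump({"CFBundleIdentifier": ident}, fh)
        return find_clones(tmp, SAFARI_ID, {"Applications/Safari.app"})


if __name__ == "__main__":
    for path in demo():
        print("unexpected copy claiming", SAFARI_ID, "->", path)
```

A hit is only a lead for review: an identifier match says nothing about whether the bundle was modified, so the next step is to verify its signature, for example with `codesign --verify --deep --strict`.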
Here's what Jeff Johnson has to say about the issue and Apple's response:
Should you be worried about this issue? That depends on how you feel in general about macOS privacy protections. Prior to Mojave, the privacy protections feature did not exist at all on the Mac, so you're not any worse off now than you were on High Sierra and earlier. My personal opinion is that macOS privacy protections are mainly security theater and only harm legitimate Mac developers while allowing malware apps to bypass them through many existing holes such as the one I'm disclosing, and that other security researchers have likewise found. I feel that if you already have a hostile non-sandboxed app running on your Mac, then you're in big trouble regardless, so these privacy protections won't save you. The best security is to be selective about which software you install, to be careful to avoid ever installing malware on your Mac in the first place. There's a reason that my security research has focused on macOS privacy protections: my goal is to show that Apple's debilitating lockdown of the Mac is not justified by alleged privacy and security benefits. In that respect, I think I've proved my point, over and over again. In any case, you have the right to know that the systems you rely on for protection are not actually protecting you.
via VentureBeat
Source: https://wccftech.com/privacy-flaw-in-macos-allows-safari-clone-to-run-with-full-access/
Posted by: ramoswiffew.blogspot.com