This article has been indexed from Softpedia News / Security
Wojciech Ragula from SecureRing and Csaba Fitzl from Offensive Security, revealed at a Black Hat USA briefing two days ago that applications allowed to run on macOS can override permissions granted by the operating system or the user, according to Dark Reading.
Several security holes and bad configurations allowed them to evade Apple’s TCC privacy scheme. Bypassing security permissions can lead to a variety of privacy risks, including accessing system files, taking screenshots, and collecting information from the contact book.
However, while the vulnerabilities themselves are not remotely exploitable, attackers can use them to bypass system protections on sensitive data. For the exploit to happen, bad actors need to convince the user to run malicious code. Regula explained that while Apple takes a considerable am…
Read the original article: Critical Vulnerabilities Found in macOS Privacy Protections