Security News > 2020 > July > macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix
2020-07-01 15:30

Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix.

Dubbed TCC, the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized applications.

The vulnerability was discovered in September 2019 and Apple was informed on the matter on December 19, 2019, the same day the Apple Security Bounty Program was opened to the public.

To date the Cupertino-based company hasn't released a fix and Johnson believes that one won't arrive before macOS Big Sur is released.

The developer said he requested updates from Apple several times, but even in the latest response, the company said it was "Still investigating the issue."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/1XyRAlOUDWM/macos-privacy-protections-bypass-disclosed-after-apple-fails-release-fix

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110