Macs have privacy holes, Apple has been criticized

Developer Jeff Johnson quickly revealed to Apple about a zero-day flaw, which allows hackers to access users’ private files in Safari web browser – a problem affecting the whole session beta version of macOS Big Sur. But he asserts that more than 6 months have passed and the company has not yet patched this hole, causing itself to abandon the bounty-hunting program and criticize the company’s efforts as nothing more than empty words.

The vulnerability Johnson discovered was quite serious: a Safari user when lured to download a seemingly safe file from a website might open the door accidentally for an attacker to infiltrate the computer and create a modified copy of Safari, and macOS views this copy as the original application. ” Any restricted file that Safari can access ” will be accessed by the attacker, who can instruct the automatic transfer of files that should have been protected to his server.

According to Johnson’s explanation, this flaw exists because Apple’s Transparency, Consent, and Control (TCC) privacy protection system allows exceptions that only consider the application’s identifier, not The origin of the file is running, and ” only checks superficial signatures in the application’s code “. As a result, a modified copy of Safari can be run from an incorrect directory with the root directory but still not disturb the TCC protection system, a problem that exists from macOS 10.14 (Mojave). ), 10.15 (Catalina) and 11 (Big Sur), putting millions of consumers and businesses at risk of illegally sharing their private data that should be kept confidential.

In addition to the aforementioned flaw, Johnson emphasized that Apple’s discrete responses gave him doubts about the speed and potential for compensation from the Security Bounty program. Having reported the vulnerability in December 2019, on the day the company opened the Bounty program, Johnson received a confirmation that Apple was planning to solve the problem, but by the end of June 2020, there was no problem. nothing happened. This time, he passed the 90-day limit of not disclosing the flaw – according to Johnson – and it was his second time experiencing this situation. “It became obvious that I would never get a reward from Apple for anything I reported to them, or at least for an acceptable time .”

Complaints about Apple’s slow response speed to zero-day vulnerability reports came before the Security Bounty program, including back and forth between Apple and the security team. Project Zero from Google. Johnson’s story about Apple ‘s slow response and vague payment process is certainly not the only one, but it comes with a warning to all users that ” privacy protection measures. on macOS is mostly just talking , “jeopardizing legitimate Mac developers and enabling malicious scammers to slip through gaps. ” You have the right to know that the systems you are relying on for protection do not protect you, ” Johnson said, adding that despite the conflicting claims, ” Apple’s increasingly poor security. on Mac cannot be justified by the benefits of privacy and security . ”

Yesterday, Apple told Johnson that the company is still investigating the flaw. Will Apple fix the flaw in the beta version of Big Sur, which focuses heavily on improvements to Safari and its earlier versions.

Reference: VentureBeat