macOS Privacy Protections Bug Unfolds - Apple's Reputation

Defining and Explaining the "macOS Privacy Protections Bug": Primary Points to Understand at a Glance
Apple is renowned for the security features it provides to its customers to protect user data. In simple words, what is stored on an iPhone stays secure and safe on the iPhone. But the macOS privacy protections bug disclosed by professional iOS developer Jeff Johnson could damage Apple's reputation among users around the globe. This macOS privacy protections bug allows potential attackers to access and steal users' data by using a bogus version of Safari.
Researchers and scientists lined up to find harmful bugs after Apple introduced its Safety Bounty Program (Apple Security Bounty Program), while it remained open for business. Jeff Johnson has disclosed a vulnerability termed a macOS privacy protections bypass. The privacy protection system (also called TCC: Transparency, Consent and Control) was introduced as part of macOS Mojave and aims to protect certain files from use by unauthorized apps. He succeeded in uncovering a path by which an unauthorized app can access the contents of protected files, that is, bypass the privacy protection shield. This problem exists in Mojave, Catalina, and the Big Sur beta. Apple has still not addressed the issue after being informed by developer Jeff Johnson that this macOS privacy protections bug (vulnerability) makes it easy for hackers to gain access to users' non-public data through the Safari browser, and the beta version of macOS Big Sur is also affected by the bug. Moreover, he claims that Apple will ignore this weakness for the next six months to safeguard the company's payouts.

Timing of Jeff Johnson's Notifications to Apple

On December 19, 2019, he reported this Mojave bug to Apple Product Security, on the same day the company introduced the Apple Security Bounty Program.
On January 17, 2020, after he asked for an update on his report, Apple Product Security responded that they were planning to look into the matter in spring 2020.
On April 27, 2020, when he asked for an updated status, Apple gave the same answer: that they were still investigating the issue.
On June 29, 2020, he again approached Apple Product Security for a status update, but the company's reply on this issue did not change, even though the beta version of macOS 11 Big Sur had already been released to developers (this happened on June 22, 2020).
Apple has authorized only two apps, Safari and Finder, to access files in ~/Library/Safari, unless special authorization is granted to another app.

Two Fundamental Flaws within the macOS Privacy Protection System (TCC)

Developer Jeff Johnson reported to Apple Product Security the following two fundamental flaws that make this bug/vulnerability possible:
1. TCC considers only the bundle identifier of an app instead of its file path.
2. TCC does not check the code signature of apps in depth.

Maliciously Crafted Apps

There are mainly two types of maliciously crafted apps that can exploit this vulnerability. These crafted apps are:

1. A modified version of Safari that allows hackers to reach the protected files.
2. An app that modifies Safari and presents the modified version of Safari.
The Safari browser is severely affected by this bug. For example, when downloading movies from different websites via the Safari browser, these two flaws are easily exploited, because the TCC (Transparency, Consent and Control) system uses just the identifier of the app, does not look at the place it runs from, and looks only at the code signature of the app. What happens as a consequence? A clone of Safari might be created and run from a different directory without triggering TCC protection, which is an open threat for thousands of users from all walks of life, who would be sharing their supposedly secure data with hackers. The same happens with the modified version of Safari.
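
The first flaw suggests a check a defender can run: look for app bundles that claim a trusted bundle identifier from a path other than the expected one. The script below is an added example, not code from Jeff Johnson or Apple. The expected path /Applications/Safari.app, the helper names and the sample bundles it builds are assumptions made for illustration, and the deep signature check runs only where the macOS codesign tool is present.

```python
import plistlib
import shutil
import subprocess
import tempfile
from pathlib import Path

# Assumption: the one path each watched bundle identifier is expected to run from.
EXPECTED = {"com.apple.Safari": Path("/Applications/Safari.app")}

def bundle_id(app):
    """Return CFBundleIdentifier from Contents/Info.plist, or None if unreadable."""
    try:
        with open(Path(app) / "Contents" / "Info.plist", "rb") as fh:
            value = plistlib.load(fh).get("CFBundleIdentifier")
    except Exception:  # missing, unreadable or malformed plist
        return None
    return value if isinstance(value, str) else None

def deep_signature_ok(app):
    """Strict check of nested code and sealed resources; None without codesign."""
    if shutil.which("codesign") is None:
        return None
    cmd = ["codesign", "--verify", "--deep", "--strict", str(app)]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def find_impostors(root, expected=EXPECTED):
    """List bundles that claim a watched identifier from an unexpected path."""
    findings = []
    for app in sorted(Path(root).rglob("*.app")):
        bid = bundle_id(app)
        if bid in expected and app.resolve() != expected[bid]:
            findings.append({"path": str(app), "bundle_id": bid,
                             "deep_signature_ok": deep_signature_ok(app)})
    return findings

def make_bundle(path, bid):
    """Write a constructed, minimal app bundle (sample data for the demo)."""
    (path / "Contents").mkdir(parents=True)
    with open(path / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bid}, fh)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        real = make_bundle(Path(tmp) / "Applications" / "Safari.app", "com.apple.Safari")
        make_bundle(Path(tmp) / "Users" / "demo" / "Downloads" / "Safari.app", "com.apple.Safari")
        for hit in find_impostors(tmp, {"com.apple.Safari": real.resolve()}):
            print(hit)
```

On a real Mac, point find_impostors at directories such as the user's home folder and treat any hit whose deep signature check fails as a modified copy.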

Reason for Disclosure of the macOS Privacy Protections Bypass

According to Jeff Johnson, the release of the macOS 11 Big Sur beta with the same macOS privacy protections bug still present convinced him to disclose this macOS privacy bug (Mojave OS bug or vulnerability) to the whole world, and specifically to the users of Apple products. The reason is that more than six months had passed since he reported the issue to Apple Product Security, which satisfies the principle of "Responsible Disclosure", which typically allows developers or software scientists to disclose an issue for the benefit of the general public 90 days after reporting it to the vendor.

In the words of Jeff Johnson

He described Apple's macOS privacy protection system (also known as TCC) simply as security theater, staged only to harm legitimate Mac developers while permitting malicious apps, such as a modified Safari or an app that modifies Safari, to bypass TCC through many existing holes, including the one he discovered. In addition, other security scientists have also found such types of vulnerabilities.

Security researchers have played an important role not only in identifying vulnerabilities and bugs in software and apps but also in disclosing them to the general public for the safety of the data stored on devices such as mobile phones and laptops. A few famous examples include: Krook, a new Wi-Fi vulnerability; the CSME Intel chipset bug; and Guildma, a Latin American banking Trojan.