Six months after software developer Jeff Johnson told Apple about a privacy bypass vulnerability opening up protected files in macOS Mojave, macOS Catalina, and the upcoming macOS Big Sur, the bug remains unfixed – so he's going public.
Johnson, who runs app developer Lapcat Software, said he submitted details about the problem to Apple's Security Bounty program on the day it opened for business, December 19, 2019. The problem appears to be a flaw in the way Apple's Transparency, Consent, and Control sandboxing system. Essentially, unauthorized apps can exploit the bug to access protected files that should be off limits.
In a blog post on Tuesday, he explains that after asking Apple for a status update in January this year, in Ap ..
Support the originator by clicking the read the rest link below.
