A vulnerability in macOS, the operating system of Apple computers, makes it possible to steal data by using replicas of Safari, the browser used by default in the system.
This security flaw, discovered by cybersecurity researcher Jeff Johnson, affects all versions of macOS from Mojave onward, including macOS Catalina, and is also present in the beta of macOS Big Sur, the latest version presented by Apple, according to Johnson.
The flaw stems from the TCC privacy system that Apple introduced in macOS Mojave and from the way it manages the access of unauthorized applications to the system. According to the researcher, any application downloaded from the Internet can make use of this exploit.
The macOS vulnerability can be exploited by developing a malicious replica of a legitimate application such as the Safari browser, since the system's security architecture analyzes the security certificates of apps only superficially.
With this clone, the privacy system would allow an attacker to download files to infect the computer and to obtain all the information that the user accesses through Safari, without the user's authorization.
After the vulnerability was discovered in September 2019, Johnson brought the issue to Apple's attention in December. It has not been fixed since then, and the bug has also been reproduced in Big Sur, which was announced in June at WWDC20, Apple's annual developer event, and is expected to launch in the coming months.