macOS Mojave release date and specs: Mojave 'still full of security holes' despite promises of tougher protections
‘Explosion’ of dialogue boxes undermines user privacy, and zero-day flaw could allow an attacker to bypass permissions entirely
27/09/18: Mojave 'still full of security holes' despite promises of tougher protections
Researchers have found a litany privacy and security holes in Apple's newly-released macOS Majove despite claims it goes "further than ever" to protect users.
The new operating system, rolled out on 24 September, claims to offer a host of features that bolster its security and privacy credentials. These include a stronger permissions regime, enhanced tracking prevention, and automatically-generated passwords on Safari.
But an explosion of dialog boxes and approval messages could lead to the unintended consequence of "dialogue fatigue", according to Malwarebytes' head of Mac and mobile Thomas Reed.
"The idea is that people get tired of being hassled when they're trying to get work done, and will just do whatever is needed to click past a warning dialog without actually reading it," he wrote in a blog post.
"Dialog fatigue similar to security fatigue is real, and after having upgraded to Mojave, I can attest to the fact that it has a tendency to display a lot of these dialogs in the beginning. I had to approve access to data for quite a few of my apps.
"Chances are, the average person will get tired of doing so, and will simply approve each one without paying attention."
Among the most concerning observations are that dialog boxes present users an "ok" option instead of "allow", alongside "don't allow", which could lead to mistakes being made. The blog also highlights an issue with background processes not triggering user approval, which could lead to those apps breaking.
These privacy concerns, however, pale when compared against two independent security holes found within 24 hours of macOS Mojave's release showing that Apple's user protections can be bypassed.
SentinalOne demonstrated that it's possible for a remote user to gain unauthorised access to protected data through secure shell (ssh) - a programme that allows a user to establish a remote connection to another computer and send through Unix commands.
The security firm's macOS team also highlighted that whitelisting for Full Disk Access presents a security issue.
The way Apple has implemented the approval mechanism is such that requesting access for one user's photo may lead to the app being whitelisted for all users universally. This means it could potentially read browser history, emails, and chat messages, among other data points, for every user.
Meanwhile, Patrick Wardle, chief research officer at Digita Security, discovered a zero-day bug that could allow an attacker to bypass authorisation prompts entirely and access a users' personal data through an unprivileged app.
In a video, Wardle demonstrated how he could bypass permission requirements by running a few lines of code that simulates a malicious app known as "breakMojave".
The clip showed the ex-NSA hacker initially denied access to address book data, before running the script and later copying this data to the desktop.
IT Pro approached Apple for comment but did not get a response at the time of writing.
12/09/18: New OS will launch on 24 September
macOS Mojave, Apple's latest operating system will officially launch on 24 September, according to CEO Tim Cook who used its 'Gather round' event on 12 September to confirm the news.
Back in June, Apple said its latest software had been "inspired by professionals but designed for everyone".
Messy desktops can be quickly and easily organised with a new Stacks feature, grouping relating items together neatly. There's also a revamped Finder with additional enhancements such as a Galleries view to help users find what they need quickly.
Dark Mode overhauls the aesthetics for users and developers (when using Xcode), helping to place the content that matters most to them at the centre of their software experience, with controls moving to the background.
"MacOS Mojave is a major update that introduces powerful new features for a wide range of Mac users, from consumers to pros," said Craig Federighi, Apple's senior vice president of Software Engineering. "Dark Mode brings a dramatic new look to macOS that puts your content front and centre, familiar iOS apps come to the Mac for the first time and the redesigned Mac App Store makes finding new apps easier and more enjoyable than ever."
FaceTime group call capability and a revamped Mac App Store, featuring content and apps from the likes of Adobe, Microsoft and more, were also confirmed during the WWDC keynote.
Even more excitingly for users, popular iOS apps such as News, Stocks, Home and Voice Memos also make their way to the desktop OS, prompting Federighi to once again rebuff claims that Apple may merge iOS and macOS together.
Apple was keen to stress that the updated OS also kept security and privacy front of mind, with intelligent features stopping users from being tracked and 'fingerprinted' without their consent.
"One of the reasons people choice Apple products is because of our commitment to security and privacy," Federighi said.
macOS Mojave: Release date & availability
MacOS Mojave was first unveiled at Apple's 2018 WWDC conference in early June, with its first build releasing immediately to developers through the Apple Developer Programme.
macOS Mojave will become generally available on 24 September. This will arrive as a free upgrade for those users running Macs built in mid-2012 or later, as well as 2010 and 2012 Mac Pro models using Metal-capable graphics cards.
macOS Mojave: Name
Since 2013, Apple has chosen to name new iterations of its flagship operating system after locations in California, and since 2014 these names have been associated with rock formations or mountain ranges - the most recent being macOS High Sierra.
With the moniker 'Mojave', the operating system will be the first in four years to be named after something other than a mountain range, instead referring to the desert that spans primarily southeastern California and southern Nevada.
macOS Mojave: Features
As the name suggests, users can switch their desktop to a dark colour scheme at will, something that's become a staple in most applications and software today. Not only do the colours change, but greater emphasis is placed on the content a user is interacting with, pushing controls to the background.
Apple has confirmed that built-in apps such as Mail, Messages, Calendar and Photos have been given redesigns to support darker colour schemes. An API is also being made available for developers wishing to create apps that support the new Dark Mode.
Stacks & navigation
The new Stacks feature aims to declutter desktops by automatically grouping folders together based on similar file types. Users can customise these stacks to display content based on date or time stamps, and an updated gallery view in Finder provides the option to skim through stacks using a visual slider. The Preview Pane has also been updated to display the metadata of files, making it much easier for users to get detailed information on media files at a glance.
A number of 'quality of life' shortcuts have also been added, including Quick Actions which gives more options from within the Finder pane, such as creating password-protected PDFs. Quick Look also provides a means of manipulating files at a glance without opening an app, such as cropping photos or making notes on a PDF.
News, Stocks, Home, Facetime
Mojave also brings a host of new apps to the macOS platform for the first time, specifically News, Stocks, Voice Memos and Home.
News is a fairly straight-forward aggregator application that pulls together articles, images and videos from a user's favourite publications and displays them in a single app. Home is all about Apple's smart home tech, allowing users to control their HomeKit-enabled devices from their Mac.
Voice Memos acts as a voice recording app for personal notes or meetings, the files of which can then be accessed through an iPhone or iPad, while Stocks provides the latest market news, as well as interactive charts and watchlists.
Apple's video messaging platform Facetime has also been updated, which now supports group chats.
Apple has also taken the opportunity to revamp its App Store. With Mojave, the store's discover tab will now highlight new and updated apps, and Create, Work, Play and Develop tabs should make it easier to sift through apps based on type.
Apple also confirmed a handful of high profile applications will soon be available through the store, including Microsoft Office and Adobe Lightroom CC.
macOS Mojave: Security
Apple was also keen to stress the importance of security in its software, and has introduced a number of nifty safeguards that aim to stop users from having their data collected without their consent.
Safari's Tracking Prevention feature blocks functions such as 'likes' or 'shares' from automatically tracking users without permission, while also hiding detailed user metadata when they visit websites. Safari now also automatically creates and stores strong passwords when users create accounts, and issues warnings when passwords are reused.
Changes under GDPR also mean that apps will be required to obtain permission from users before they access the Mac camera or microphone.
The challenge of securing the remote working employee
The IT Pro Guide to Sase and successful digital transformationFree Download
VMware Cloud workload migration tools
Cloud migration types, phases, and strategiesFree download
Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions
IDC PeerScapeFree Download
Container network security guide for dummies
Enforcing Kubernetes best practicesFree download