macOS Mojave release date and specs: Mojave 'still full of security holes' despite promises of tougher protections

‘Explosion’ of dialogue boxes undermines user privacy, and zero-day flaw could allow an attacker to bypass permissions entirely

Latest news

27/09/18: Mojave 'still full of security holes' despite promises of tougher protections

Researchers have found a litany privacy and security holes in Apple's newly-released macOS Majove despite claims it goes "further than ever" to protect users.

The new operating system, rolled out on 24 September, claims to offer a host of features that bolster its security and privacy credentials. These include a stronger permissions regime, enhanced tracking prevention, and automatically-generated passwords on Safari.

But an explosion of dialog boxes and approval messages could lead to the unintended consequence of "dialogue fatigue", according to Malwarebytes' head of Mac and mobile Thomas Reed.

Advertisement - Article continues below

"The idea is that people get tired of being hassled when they're trying to get work done, and will just do whatever is needed to click past a warning dialog without actually reading it," he wrote in a blog post.

"Dialog fatigue similar to security fatigue is real, and after having upgraded to Mojave, I can attest to the fact that it has a tendency to display a lot of these dialogs in the beginning. I had to approve access to data for quite a few of my apps.

"Chances are, the average person will get tired of doing so, and will simply approve each one without paying attention."

Advertisement
Advertisement - Article continues below

Among the most concerning observations are that dialog boxes present users an "ok" option instead of "allow", alongside "don't allow", which could lead to mistakes being made. The blog also highlights an issue with background processes not triggering user approval, which could lead to those apps breaking.

Advertisement - Article continues below

These privacy concerns, however, pale when compared against two independent security holes found within 24 hours of macOS Mojave's release showing that Apple's user protections can be bypassed.

SentinalOne demonstrated that it's possible for a remote user to gain unauthorised access to protected data through secure shell (ssh) - a programme that allows a user to establish a remote connection to another computer and send through Unix commands.

The security firm's macOS team also highlighted that whitelisting for Full Disk Access presents a security issue.

The way Apple has implemented the approval mechanism is such that requesting access for one user's photo may lead to the app being whitelisted for all users universally. This means it could potentially read browser history, emails, and chat messages, among other data points, for every user.

Meanwhile, Patrick Wardle, chief research officer at Digita Security, discovered a zero-day bug that could allow an attacker to bypass authorisation prompts entirely and access a users' personal data through an unprivileged app.

In a video, Wardle demonstrated how he could bypass permission requirements by running a few lines of code that simulates a malicious app known as "breakMojave".

Advertisement - Article continues below

The clip showed the ex-NSA hacker initially denied access to address book data, before running the script and later copying this data to the desktop.

IT Pro approached Apple for comment but did not get a response at the time of writing.

12/09/18: New OS will launch on 24 September

macOS Mojave, Apple's latest operating system will officially launch on 24 September, according to CEO Tim Cook who used its 'Gather round' event on 12 September to confirm the news. 

Advertisement
Advertisement - Article continues below

Back in June, Apple said its latest software had been "inspired by professionals but designed for everyone". 

Messy desktops can be quickly and easily organised with a new Stacks feature, grouping relating items together neatly. There's also a revamped Finder with additional enhancements such as a Galleries view to help users find what they need quickly.

Dark Mode overhauls the aesthetics for users and developers (when using Xcode), helping to place the content that matters most to them at the centre of their software experience, with controls moving to the background. 

Advertisement - Article continues below

"MacOS Mojave is a major update that introduces powerful new features for a wide range of Mac users, from consumers to pros," said Craig Federighi, Apple's senior vice president of Software Engineering. "Dark Mode brings a dramatic new look to macOS that puts your content front and centre, familiar iOS apps come to the Mac for the first time and the redesigned Mac App Store makes finding new apps easier and more enjoyable than ever."

FaceTime group call capability and a revamped Mac App Store, featuring content and apps from the likes of Adobe, Microsoft and more, were also confirmed during the WWDC keynote. 

Even more excitingly for users, popular iOS apps such as News, Stocks, Home and Voice Memos also make their way to the desktop OS, prompting Federighi to once again rebuff claims that Apple may merge iOS and macOS together. 

Apple was keen to stress that the updated OS also kept security and privacy front of mind, with intelligent features stopping users from being tracked and 'fingerprinted' without their consent. 

Advertisement - Article continues below

"One of the reasons people choice Apple products is because of our commitment to security and privacy," Federighi said. 

macOS Mojave: Release date & availability

MacOS Mojave was first unveiled at Apple's 2018 WWDC conference in early June, with its first build releasing immediately to developers through the Apple Developer Programme.

Advertisement
Advertisement - Article continues below

macOS Mojave will become generally available on 24 September. This will arrive as a free upgrade for those users running Macs built in mid-2012 or later, as well as 2010 and 2012 Mac Pro models using Metal-capable graphics cards.

macOS Mojave: Name

Since 2013, Apple has chosen to name new iterations of its flagship operating system after locations in California, and since 2014 these names have been associated with rock formations or mountain ranges - the most recent being macOS High Sierra.

With the moniker 'Mojave', the operating system will be the first in four years to be named after something other than a mountain range, instead referring to the desert that spans primarily southeastern California and southern Nevada.

macOS Mojave: Features

Dark Mode

Advertisement - Article continues below

As the name suggests, users can switch their desktop to a dark colour scheme at will, something that's become a staple in most applications and software today. Not only do the colours change, but greater emphasis is placed on the content a user is interacting with, pushing controls to the background.

Apple has confirmed that built-in apps such as Mail, Messages, Calendar and Photos have been given redesigns to support darker colour schemes. An API is also being made available for developers wishing to create apps that support the new Dark Mode.

Stacks & navigation

The new Stacks feature aims to declutter desktops by automatically grouping folders together based on similar file types. Users can customise these stacks to display content based on date or time stamps, and an updated gallery view in Finder provides the option to skim through stacks using a visual slider. The Preview Pane has also been updated to display the metadata of files, making it much easier for users to get detailed information on media files at a glance.

Advertisement - Article continues below

A number of 'quality of life' shortcuts have also been added, including Quick Actions which gives more options from within the Finder pane, such as creating password-protected PDFs. Quick Look also provides a means of manipulating files at a glance without opening an app, such as cropping photos or making notes on a PDF.

News, Stocks, Home, Facetime

Mojave also brings a host of new apps to the macOS platform for the first time, specifically News, Stocks, Voice Memos and Home.

News is a fairly straight-forward aggregator application that pulls together articles, images and videos from a user's favourite publications and displays them in a single app. Home is all about Apple's smart home tech, allowing users to control their HomeKit-enabled devices from their Mac.

Voice Memos acts as a voice recording app for personal notes or meetings, the files of which can then be accessed through an iPhone or iPad, while Stocks provides the latest market news, as well as interactive charts and watchlists.

Advertisement - Article continues below

Apple's video messaging platform Facetime has also been updated, which now supports group chats.

App Store

Apple has also taken the opportunity to revamp its App Store. With Mojave, the store's discover tab will now highlight new and updated apps, and Create, Work, Play and Develop tabs should make it easier to sift through apps based on type.

Apple also confirmed a handful of high profile applications will soon be available through the store, including Microsoft Office and Adobe Lightroom CC.

macOS Mojave: Security

Apple was also keen to stress the importance of security in its software, and has introduced a number of nifty safeguards that aim to stop users from having their data collected without their consent.

Safari's Tracking Prevention feature blocks functions such as 'likes' or 'shares' from automatically tracking users without permission, while also hiding detailed user metadata when they visit websites. Safari now also automatically creates and stores strong passwords when users create accounts, and issues warnings when passwords are reused.

Changes under GDPR also mean that apps will be required to obtain permission from users before they access the Mac camera or microphone.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/hardware/mobile/355116/apples-iphone-12-could-be-delayed-by-months-due-to-the-coronavirus-crisis
Mobile

Apple's 5G iPhone 12 could be delayed by the coronavirus pandemic

26 Mar 2020
Visit/business/policy-legislation/355010/apple-fined-ps1bn-12bn-by-french-antitrust-regulator
Policy & legislation

Apple fined £1bn ($1.2bn) by French antitrust regulator

16 Mar 2020
Visit/laptops/21797/macbook-pro-15in-v-dell-xps-15
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

6 Mar 2020
Visit/mobile/mobile-phones/354905/apple-iphone-11-pro-review-very-nearly-the-perfect-phone
Mobile Phones

Apple iPhone 11 Pro review: Very nearly the perfect phone

3 Mar 2020

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020