Mac OS Privacy Protection Bypass gets exposed

Mac's TCC system (Transparency, Consent, and Control) protects specific sections of the computer's file system from being accessed by unauthorized applications.

Jeff Johnson discovered a vulnerability that allows a user-installed app can have access to file contents restricted by a Mac's TCC system at ~/Library/Safari. He has seen this exploit work in macOS 10.14.6 and 10.15.2.

Part of the reason he has chosen to disclose this issue is his concern that the platforms that claim to protect the user are not doing so in the complete sense of the claim. He has not been given a straight forward answer in regard to Apple's move to patch this vulnerability to date, and neither does he see himself benefiting from the recently launched Apple Security Bounty Program.

Photo by Markus Spiske from Pexels