Jeff Johnson, a professional iOS developer, has published a blog post about a bug that could allow hackers to use a bogus version of Safari to steal users' data.
According to Jeff, Apple will leave the bug unaddressed until the macOS 11 Big Sur beta version is released to the public. He also claimed that he had contacted Apple about the bug 6 months ago and had not heard back from them since. According to the blog post, hackers can easily trick people into downloading a malicious file that contains a Safari clone. The latest update of the browser can easily give the hacker access to all restricted files available to Safari.
The Mac and iOS developer said: “My bypass demonstrates that a maliciously crafted app can access those files without being given the authorization. There are two maliciously crafted apps here: a modified version of Safari, which accesses the protected files, and the app that modifies Safari and launches the modified version of Safari. Any app that you download from the web could accomplish that privacy protection bypass.”
He further said: “My personal opinion is that macOS privacy protection is mainly security theater and only harms legitimate Mac developers while allowing malware apps to bypass them through many existing holes such as the one I am disclosing and that other security researchers have also found. The best security is to be selective about which software you install on your device.”