Yesterday Apple released the new Mojave operating system to the public. Claiming it has improved security and patched multiple vulnerabilities. These vulnerabilities include Bluetooth, App Store, Application Firewall, Auto Unlock, Crash Reporter, Kernel, and Security. Although a few of the listed vulnerabilities were previously patched in iOS, the new flaws include an App Store bug giving way to finding the Apple ID associated with the device’s owner (CVE-2018-4324). Also, they patched a firewall issue that is abused by sandboxing bypass restrictions (CVE-2018-4353), along with removing the support for the RC4 encryption algorithm stemming from CVE-2016-1777. Even though it has not yet been addressed, another critical vulnerability could be making its rounds that can access data from a user’s address book even without being granted permissions. The researcher who discovered the flaw has not released any information that would prevent the abuse.
