Apple released Mojave 10.14, which issued security enhancements and patched vulnerabilities for the operating system.
The update fixes eight vulnerabilities affecting Bluetooth, App Store, Application Firewall, Auto Unlock, Crash Reporter, Kernel and Security.
The Bluetooth vulnerability is CVE-2018-5383, which researchers at the Israel Institute of Technology disclosed in July. The flaw can allow an attacker in physical proximity of two targeted devices to monitor and manipulate the traffic they exchange. The issue was previously resolved by Apple in iOS and macOS High Sierra.
The list of new flaws patched in the latest macOS version includes an App Store bug that allows a malicious app to determine the Apple ID belonging to the targeted device’s owner (CVE-2018-4324) and an application firewall issue that can be exploited by a sandboxed process to bypass restrictions (CVE-2018-4353).
Apple said macOS Mojave removes support for the RC4 encryption algorithm due to the existence of CVE-2016-1777, an old vulnerability patched in macOS Sierra in 2016.
In another development, just before Apple released Mojave, security researcher Patrick Wardle published a video showing a potentially serious flaw that can be exploited to bypass some of the operating system’s privacy protections.
Wardle discovered a malicious application can obtain data from a user’s address book despite not having the necessary permissions. The researcher has not made any technical details public to prevent abuse.
In addition, Apple released Dark Mode where Mojave users are able to choose between a light theme or the new dark theme, which changes the color of the dock, menu bar, apps, and other elements.
Apple introduced changes is MacOS’ Gatekeeper, which enforces code signing and verifies downloaded applications before allowing them to run, and System Integrity Protection (SIP), which protects system-owned files and directories against modifications by malware.