The latest macOS ships with more than just Dark Mode and Stacks, but one researcher has already claimed to bypass Mojave’s updated privacy protections.

Apple launched its latest major update to macOS yesterday, with Mojave handing users a raft of new features and aesthetic improvements.

Among the headline OS changes being promoted by Apple is the new Dark Mode, which transforms the desktop to a darkened color scheme; improvements to Finder; group FaceTime calls with up to 32 people; and Stacks, which declutters the desktop by automatically organizing files into groups.

While Mojave’s new organizational and beautifying elements will likely be enough to satisfy Mac’s notoriously enthusiastic userbase, what’s perhaps more interesting (though less likely to grab headlines) is the trio of security and privacy enhancements that are included in the OS.

Data control

Under the hood, the latest iteration of Apple’s desktop operating system includes a new privacy feature designed to help users keep control of their data.

Similar to the permission system found in iOS, Mojave now requires all apps to request approval before they access users’ camera or microphone, along with data such as Messages history and Mail database.

The move marks the latest development in Apple’s ongoing push for user privacy and transparency among third-party developers.

Earlier this month, the company announced it would soon require all new apps or app updates to include a privacy policy that explains what user data they’re collecting and what they plan to do with it.

Safari in Mojave

Elsewhere, the updated Safari browser now features Intelligent Tracking Protection, which will help block social media ‘like’ or ‘share’ buttons and comment widgets from tracking users without permission.

Safari also presents simplified system information when users browse the web, preventing them from being tracked based on their system configuration.

“When you browse the web, the characteristics of your device can be used by advertisers to create a ‘fingerprint’ to track you,” Apple said. “Safari now thwarts this by only sharing a simplified system profile.”

In addition to tracking protection, Safari can now automatically create, store, and autofill strong passwords for users.

Security updates

Apple did not respond to The Daily Swig’s request for additional comment ahead of the launch of Mojave, but security notes attached to its latest release indicate that the company has addressed multiple issues impacting macOS devices running High Sierra or earlier versions.

Among the patched issues is an input validation flaw, discovered by Lior Neumann and Eli Biham, which could allow an attacker in a privileged network position to intercept Bluetooth traffic.

The company has also fixed a permissions issue that could enable a malicious application to determine a user’s Apple ID; a CrashReporter flaw that could allow an app to read restricted memory; and a bug in which an application may be able to execute arbitrary code with kernel privileges.

Desert storm

While Apple has a fiercely loyal fanbase, it remains to be seen whether the latest developments and features found in Mojave will be enough to quell rumors that the company is neglecting its desktop OS in favor of the iPhone.

The Cupertino tech giant’s relationship with consumers is one thing, but the launch of Mojave comes amid ongoing criticism surrounding the company’s approach to security in macOS.

Apple launched an invite-only bug bounty for iOS back in 2016, but to this day the organization has declined to roll out an equivalent program for its desktop operating system.

Although recent research suggests hackers continue to shun macOS targets in favor of more widely used operating systems, such as Windows and Linux, the raft of security updates included in the Mojave release once again acts as a clear indication that macOS is far from bulletproof.

Indeed, yesterday’s widely anticipated launch of Mojave was somewhat clouded by security researcher Patrick Wardle’s announcement that he had already discovered a means of bypassing the operating system’s privacy protections.

“Mojave’s ‘dark mode’ is gorgeous,” Wardle tweeted yesterday. “…but its promises about improved privacy protections? kinda #FakeNews.”