“In a presentation at the Def Con hacker convention in Las Vegas over the weekend, Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level,” Goodin reports. “When these security measures detect a potentially malicious action, they will block that action and then display an alert or warning. By abusing various programming interfaces built into macOS, malicious code could generate a programmatic click to interact or even dismiss such alerts. This ‘synthetic click,’ as Wardle called it, works almost immediately and can be done in a way that is invisible to the user.”
“Though many of Apple’s security alerts attempt to detect and ignore synthetic clicks, Wardle discovered that the privacy alerts, even on a fully updated High Sierra system, were not protected,” Goodin reports. “Apple representatives didn’t respond to an email seeking comment for this post. Wardle, for his part, said the bypass raises questions about how the company rolled out the improvements. ‘I wasn’t trying to find a bypass, but I uncovered a way to fully break a foundational security mechanism,’ said Wardle, who is the developer of the Objective-See Mac tools and chief research officer at Digita Security. ‘If a security mechanism falls over so easily, did they not test this? I’m almost embarrassed to talk about it.’”
MacDailyNews Take: Obviously, as we’ve been saying for years now, Apple’s quality control needs work.
Invisible mouse clicks let hackers burrow deep into an already-infected Mac – August 13, 2018