“One way operating system developers try to protect a computers’ secrets from probing hackers is with an appeal to the human at the keyboard. By giving the user a choice to ‘allow’ or ‘deny’ a program’s access to sensitive data or features, the operating system can create a checkpoint that halts malware while letting innocent applications through,” Andy Greenberg writes for Wired. “But former NSA staffer and noted Mac hacker Patrick Wardle has spent the last year exploring a nagging problem: What if a piece of malware can reach out and click on that ‘allow’ button just as easily as a human?”
“At the DefCon hacker conference Sunday in Las Vegas, Wardle plans to present a devious set of automated attacks he’s pulled off against macOS versions as recent as 2017 release High Sierra, capable of so-called synthetic clicks that allow malware to breeze through the permission prompts meant to block it,” Greenberg writes. “Wardle’s attacks, to be clear, don’t offer a hacker an initial foothold on a computer; they only help a hacker’s malware penetrate layers of security on an already infected machine. ”
Read more in the full article here.
MacDailyNews Take: Apple will patch this one up, too, and macOS gets even more secure!
[Thanks to MacDailyNews Readers “Fred Mertz” and “Ladd” for the heads up.]