“Apple works hard to make its software secure. Beyond primary protections that prevent malware infections in the first place, company engineers also build a variety of defense-in-depth measures that are designed to lessen the damage that can happen once a Mac is compromised,” Dan Goodin reports for Ars Technica. “Now, Patrick Wardle, a former National Security Agency hacker and macOS security expert has exposed a major shortcoming that generically affects many of these secondary defenses.”
“In a presentation at the Def Con hacker convention in Las Vegas over the weekend, Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level,” Gooden reports. “When these security measures detect a potentially malicious action, they will block that action and then display an alert or warning. By abusing various programming interfaces built into macOS, malicious code could generate a programmatic click to interact or even dismiss such alerts. This ‘synthetic click,’ as Wardle called it, works almost immediately and can be done in a way that is invisible to the user.”
“Though many of Apple’s security alerts attempt to detect and ignore synthetic clicks, Wardle discovered that the privacy alerts, even on a fully updated High Sierra system, were not protected,” Gooden reports. “Apple representatives didn’t respond to an email seeking comment for this post. Wardle, for his part, said the bypass raises questions about how the company rolled out the improvements. ‘I wasn’t trying to find a bypass, but I uncovered a way to fully break a foundational security mechanism,’ said Wardle, who is the developer of the Objective-See Mac tools and chief research officer at Digita Security. ‘If a security mechanism falls over so easily, did they not test this? I’m almost embarrassed to talk about it.'”
Read more in the full article here.
MacDailyNews Take: Obviously, as we’ve been saying for years now, Apple’s quality control needs work.
Invisible mouse clicks let hackers burrow deep into an already-infected Mac – August 13, 2018