
macOS zero-day in Mojave could allow Synthetic Clicks attacks


A security expert found a flaw that could be exploited to bypass macOS security and privacy features by using synthetic clicks.

The popular white hat hacker Patrick Wardle, co-founder and chief research officer at Digita Security, discovered a vulnerability that could be exploited to bypass security warnings by performing ‘Synthetic Clicks’ on behalf of users without requiring their interaction.

In June, Apple introduced a core security feature in macOS that forces applications to obtain permission from users before accessing sensitive data or components on the system (i.e. device camera, microphone, location data, photos, messages, and browsing history).

Wardle disclosed the issue over the weekend during the meeting arranged by his company.

Wardle explained that a “subtle code-signing issue” in macOS could allow any trusted application to be hacked to generate synthetic clicks, bypassing the core security feature introduced in 2018. Malware developers and hackers might use synthetic mouse-click attacks to emulate human behavior in approving security warnings.

The attack could be triggered by an attacker with local access to the device when the screen is dimmed, which means that it could be very difficult to spot.

According to Wardle, no special privileges are required to carry out the attack.

The attack involves the Transparency, Consent and Control (TCC) system, which maintains databases for privacy control settings. The system also includes a compatibility database, stored in AllowApplicationsList.plist. This database is used to manage access to protected functions for specific versions of apps with specific signatures; it works as a sort of whitelist.

Wardle explained that an attacker can modify one of the applications in the whitelist and execute it to generate synthetic clicks. An attacker can download a modified version of the targeted app and run it. Apple is not able to detect the changes to the targeted app due to a flaw in code validation checks.
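For defenders, one way to audit for tampered copies of whitelisted apps is sketched below. This is an added example, not code from Wardle, Digita Security or Apple; the plist layout, the sample identifiers and the `audit` helper are assumptions made for illustration, and only the `codesign` verification flags are real macOS tooling.

```python
import plistlib
import shutil
import subprocess

# Constructed sample. The schema (Services -> service name -> entries with an
# "Identifier") is an assumption; the article does not show the real layout.
SAMPLE_ALLOWLIST = plistlib.dumps({
    "Services": {
        "PostEvent": [
            {"Identifier": "com.example.player", "Allowed": True},
            {"Identifier": "com.example.remote", "Allowed": True},
        ]
    }
})

def allowlisted_ids(plist_bytes):
    """Return the bundle identifiers that the allow list grants access to."""
    data = plistlib.loads(plist_bytes)
    ids = set()
    for entries in data.get("Services", {}).values():
        for entry in entries:
            if entry.get("Allowed") and "Identifier" in entry:
                ids.add(entry["Identifier"])
    return ids

def codesign_ok(bundle_path):
    """Verify the whole bundle, nested code and sealed resources included."""
    if shutil.which("codesign") is None:
        raise RuntimeError("codesign not found; run this on macOS")
    result = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", bundle_path],
        capture_output=True,
    )
    return result.returncode == 0

def audit(plist_bytes, bundles, verify=codesign_ok):
    """bundles: iterable of (bundle_id, path). Flag suspicious allow-listed copies."""
    trusted = allowlisted_ids(plist_bytes)
    findings = []
    for bundle_id, path in bundles:
        if bundle_id not in trusted:
            continue  # not on the allow list, so out of scope for this audit
        if not verify(path):
            findings.append((path, "bundle fails strict code-signature verification"))
        elif not path.startswith("/Applications/"):
            findings.append((path, "allow-listed app outside /Applications"))
    return findings
```

The `bundles` list is supplied by the caller, for example from a Spotlight or filesystem inventory of `.app` bundles and their bundle identifiers.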


Wardle discovered several issues in macOS that could be exploited to allow synthetic clicks; he publicly disclosed one in September 2018 and another one at DefCon 2018.

The security updates released by Apple over time failed to completely address the issue, allowing the expert to launch synthetic click attacks. Wardle reported his discovery to Apple a few days ago; the company acknowledged the problem and is likely already working to address it.

While waiting for a fix, macOS users could install GamePlan, the endpoint protection product designed by Digita Security, which prevents synthetic clicks.



Pierluigi Paganini

(SecurityAffairs – Apple, zero-day)
