Security News Apple zero-day exposes macOS to Synthetic Mouse-Click attacks

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Patrick Wardle, the popular white hat hacker, has discovered a zero-day vulnerability that could allow attackers to carry out synthetic mouse-click attacks

Patrick Wardle, the popular white hat hacker and chief research officer at Digita Security, has discovered a zero-day vulnerability that could allow attackers to mimic mouse-clicks for kernel access.

Wardle presented his discovery during the Def Con 2018 conference in Las Vegas, he explained that by using two lines of code he found an Apple zero-day in the High Sierra operating system that could allow a local attacker to virtually “click” a security prompt and thus load a kernel extension.

Once obtained the Kernel access on a Mac, the attack can fully compromise the system.

Apple has already in place security measures to prevent attackers from mimicking mouse-clicks for approving security prompts presented to the user when attempting to perform tasks that can potentially expose to risks the system.
Patrick Wardle has discovered a flaw that allows attackers to bypass such kind of security measures through Synthetic Mouse-Click attacks.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top