MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

silversurfer

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.

A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code.

macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug as a second-stage attack method allowing an adversary to cloak further exploitation of a targeted system using a technique called synthetic mouse clicks. He said the bug shines a bright light on the fact Mojave’s application verification mechanism is “100 percent broken.”

Wardle, who is chief research officer at Digita Security and founder of Mac security company Objective-See, revealed the vulnerability at a security conference, Objective By The Sea, on Monday.

“Synthetic mouse clicks give an attacker an incredibly powerful capability,” he said. “In Mojave, Apple released a myriad of new privacy and security features that will block suspicious activity and display a pop-up requiring the user to allow an action. The goal of my research was to bypass all those new security and privacy mechanisms.”
 
