A critical security flaw has been found in the macOS operating system. The malware technique involved is known as “synthetic clicks”. In essence, it allows various apps and scripts to bypass security prompts and access sensitive data.
Synthetic Clicks Allow Easy macOS Security Bypass
A security expert has identified a very dangerous security flaw in Apple's macOS operating system which undermines its whole data protection strategy. The issue lies within the security mechanism recently announced for the Mojave version of the operating system: whenever some kind of personal information is requested, a prompt is shown to the users. To allow the action, they need to confirm it by showing the reason. According to the security principles, this is done to prevent devices like the microphone or webcam from being switched on without the users' consent. However, it appears that this system can be easily bypassed.
This is done via so-called synthetic clicks, which were previously generated by scripts (using AppleScript) and malware code: the hacker-made code was able to automate the mouse keys and keyboard to accept the prompt automatically. Apple was quick to fix the problem by issuing a patch blocking all synthetic clicks. Their solution was to require users to physically click on the acknowledgement prompts.
However, another malicious approach has been discovered which allows hackers to bypass patched systems. The flaw is categorized as a zero-day vulnerability and originates from an undocumented whitelist of approved apps that may create synthetic clicks by themselves. These apps are whitelisted because they operate with a wide range of files, and the exemption prevents their operations from breaking. These applications are typically signed with a digital certificate in order to prove that they are genuine and originate from a well-known source. However, the researcher has reported that the code merely checks if the certificate exists and doesn’t properly verify it. As a result, practically every application can use the synthetic clicks technique to bypass the security prompts.
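The difference between checking that a signature exists and actually verifying it, as an added example that is not code from Apple or the researcher. It is a simplified model: the app identifier, vendor name, key and file names are constructed, and an HMAC stands in for a real code signature and certificate chain.

```python
import hashlib
import hmac

# Constructed stand-ins: a real platform uses asymmetric code signatures and
# certificate chains; an HMAC with a vendor key models "only the vendor can sign".
VENDOR_KEYS = {"Example Media Vendor": b"constructed-vendor-signing-key"}
ALLOWLIST = {"com.example.mediaplayer": "Example Media Vendor"}  # app id -> signer


def code_digest(files):
    """Hash every file name and its contents in a stable order."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + hashlib.sha256(files[name]).digest())
    return h.digest()


def sign(app_id, signer, files):
    """Build a bundle whose signature covers the app id and all files."""
    mac = hmac.new(VENDOR_KEYS[signer], app_id.encode() + code_digest(files), "sha256")
    return {"id": app_id, "signer": signer, "files": dict(files), "sig": mac.digest()}


def weak_check(bundle):
    """Flawed pattern: allow-listed id plus 'a signature is present'."""
    return bundle["id"] in ALLOWLIST and bool(bundle.get("sig"))


def strict_check(bundle):
    """Hardened pattern: pinned signer, and the signature must match the current code."""
    signer = ALLOWLIST.get(bundle["id"])
    key = VENDOR_KEYS.get(signer)
    if key is None or bundle.get("signer") != signer or not bundle.get("sig"):
        return False
    expected = hmac.new(key, bundle["id"].encode() + code_digest(bundle["files"]), "sha256")
    return hmac.compare_digest(expected.digest(), bundle["sig"])


def demo():
    """Return (weak, strict) verdicts for a genuine and a modified bundle."""
    genuine = sign("com.example.mediaplayer", "Example Media Vendor",
                   {"player": b"original code", "helper.bin": b"original helper"})
    # Constructed tampering: one file changed after signing, signature left in place.
    tampered = {**genuine, "files": {**genuine["files"], "helper.bin": b"modified"}}
    return {name: (weak_check(b), strict_check(b))
            for name, b in (("genuine", genuine), ("tampered", tampered))}

if __name__ == "__main__":
    print(demo())
```

The presence-only check accepts both bundles, while the strict check rejects the modified one because the signature no longer matches the files it is supposed to cover.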
It appears that one of the most popular affected applications is the VLC media player. Prospective hackers may use it as part of a multi-stage infection technique, enabling an advanced infection scenario. Apple has not yet developed a patch for this particular bug. We expect one to be available soon. All macOS users should apply any forthcoming security fixes as soon as possible.