At last week’s Defcon conference, a security researcher demonstrated how a vulnerability (CVE-2017-7150) in recent versions of macOS could be exploited to carry out a “synthetic” mouse-click attack.
Patrick Wardle, Chief Research Officer of Digita Security, said the vulnerability could allow unprivileged code to interact with any UI component, including “protected” security dialogs.
Wardle stumbled upon the Apple zero-day bug by “tweaking just two lines of code,” according to Threatpost.
In other words, hackers could programmatically mimic a mouse click on a security prompt for kernel access on systems running Apple’s latest High Sierra OS. Apple had previously blocked such methods, which hackers and malware could abuse to synthetically approve security prompts.
An excerpt describing the threat:
“Armed with the bug, it was trivial to programmatically bypass Apple’s touted ‘User-Approved Kext’ security feature, dump all passwords from the keychain, bypass 3rd-party security tools, and much more! And as Apple’s patch was incomplete (surprise surprise) we’ll drop an 0day that (still) allows unprivileged code to post synthetic events and bypass various security mechanisms on a fully patched macOS box!”
Wardle also mentioned that Apple’s next version of macOS, Mojave, will block all synthetic events, although this could impact legitimate applications that rely on such events.