top of page

macOS exposed to Synthetic Mouse-Click attacks


These vulnerability could allow attackers to mimic mouse-clicks for kernel access.

According to the researcher, just by using two lines of code he found an Apple zero-day in the High Sierra operating system that could allow a local attacker to virtually “click” a security prompt and thus load a kernel extension.

Once obtained the Kernel access on a Mac, the attack can fully compromise the system.

Apple has already in place security measures to prevent attackers from mimicking mouse-clicks for approving security prompts presented to the user when attempting to perform tasks that can potentially expose to risks the system.

Apple mitigated the attack devised by implementing a new security feature dubbed “User Assisted Kernel Extension Loading,” a measure that force users to manually approve the loading of any kernel extension by clicking the “allow” button in the security settings UI.

The latest macOS versions, including High Sierra introduced a filtering mechanism to ignore synthetic events.

The expert explained that the operating system confuses a sequence of two-down as mouse “down” and “up.” The OS also confuse the “up” event as an internal event and for this reason, it is not filtered and it can be abused to interact with High Sierra’s user interface allowing to load kernel extensions.

POSTS RECENTES:
PROCURE POR TAGS:
bottom of page