Jun 11, 2019
Digita Security Chief Research Officer Patrick Wardle discusses a macOS Mojave vulnerability he recently disclosed whereby an attacker can abuse synthetic clicks allowed by the OS to spy on users, access private data, or install additional malicious code.
Wardle disclosed the vulnerability during the Objective By The Sea conference in Monte Carlo earlier this month. He previously had privately disclosed the issue to Apple, which has yet to patch it, but has introduced a temporary mitigation.
The bug bypasses additional security protections Apple introduced in Mojave that specifically ban synthetic clicks without the user physically clicking through and permitting this action.