Def Con presenter: ‘Synthetic clicks’ exploit can help attackers install malware on Macs

A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.

Patrick Wardle, founder and chief research officer at Digita Security, reportedly demonstrated a zero-day exploit for the flaw, which takes advantage of a "synthetic clicks" feature that allows certain programs to generate virtual clicks using code instead of human power.

According to various reports [1, 2, 3], the vulnerability is a variation of a similar flaw Wardle had already discovered in the macOS mouse keys function, which Apple previously patched so that synthetic clicks would be prohibited when a potentially malicious program produces a prompt asking users to allow certain permissions. Normally a synthetic click requires both a "down" and an "up" command in the code, but during his research Wardle accidentally inserted two "down" commands and found that this resulted in a synthetic click that was not blocked.

Even more concerning: the technique was effective when used to click on an "allow" prompt for installing a kernel extension -- a scenario that attackers could exploit with a malicious extension in order to hijack the kernel. However, for this exploit to work, attackers would first have to infect a targeted machine with malware capable of gaining a foothold in the device and generating the synthetic click code -- preferably during times of inactivity when the user may be unaware of what's taking place.
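The anomaly described above, two "down" events with no "up" between them, is something a defender can look for in a recorded input-event stream. The following is an added example, not code from the presentation or from this article; the event fields (`source_pid`, `target`), the window titles and the sample capture are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MouseEvent:
    ts: float        # seconds since capture start
    kind: str        # "down" or "up" for the left button
    source_pid: int  # assumed field: 0 = physical device, else posting process
    target: str      # assumed field: title of the window under the pointer

def find_unbalanced_presses(events):
    """Flag button sequences that a single physical button cannot produce."""
    findings = []
    pressed = None  # the outstanding "down" event, if any
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "down":
            if pressed is not None:
                # Second press with no release in between: the pattern the
                # article says was treated as a click and not blocked.
                synthetic = pressed.source_pid != 0 or ev.source_pid != 0
                findings.append({"reason": "down-without-up", "first": pressed,
                                 "second": ev, "synthetic": synthetic})
                pressed = None  # count the pair as one completed click
            else:
                pressed = ev
        elif ev.kind == "up":
            if pressed is None:
                findings.append({"reason": "up-without-down", "first": None,
                                 "second": ev, "synthetic": ev.source_pid != 0})
            pressed = None
        else:
            raise ValueError(f"unknown event kind: {ev.kind!r}")
    return findings

# Constructed sample capture (not real telemetry): two ordinary clicks around
# a down/down pair posted by a process against a permission prompt.
SAMPLE = [
    MouseEvent(0.10, "down", 0, "Finder"),
    MouseEvent(0.18, "up", 0, "Finder"),
    MouseEvent(5.00, "down", 4242, "kernel extension approval prompt"),
    MouseEvent(5.01, "down", 4242, "kernel extension approval prompt"),
    MouseEvent(9.30, "down", 0, "Safari"),
    MouseEvent(9.41, "up", 0, "Safari"),
]

if __name__ == "__main__":
    for f in find_unbalanced_presses(SAMPLE):
        ev = f["second"]
        print(f'{ev.ts:.2f}s {f["reason"]} pid={ev.source_pid} target={ev.target!r}')
```

A finding with `synthetic` set and a permission prompt as the target is the case worth alerting on; unbalanced events from a physical device are more likely a capture gap.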

Wardle publicly revealed the exploit without giving Apple prior knowledge of the flaw because he felt the company should have been more diligent when it originally tried to fix the security issue, Wired reports. SC Media has reached out to Apple for comment.

Bradley Barth