Can hackers (still) take over your Mac with… imperceptible clicks?

Hacking a Mac remotely is a very difficult task, because it is a system with a solid firewall and some robust security features. Hacking a Mac is usually reserved for task forces from states or large organizations and is aimed only at targets of maximum interest (that is, nothing that most of us need to worry about).

Still, some bugs make this whole process significantly easier. That is the case with the discovery covered below, reported by Threatpost.

The security researcher Patrick Wardle, from Digita Security, revealed at the Defcon conference a bug he discovered that allows hackers to take control of a Mac remotely through synthetic actions or, in this case, “invisible” clicks, which occur only via software and can be activated by applications or external agents.

These clicks can approve permission requests from malicious software and grant access to System Keys, or even approve the installation of a kernel extension, which can be very dangerous and expose your Mac to control by external agents without much difficulty.

It’s worth noting that macOS High Sierra added a new security feature called “User Assisted Kernel Extension Loading”, created precisely to prevent this type of attack: with it, the system does not recognize synthetic clicks when approval dialogs of this type, sensitive to system security, appear on the screen. It is precisely in this feature that Wardle found the bug.

To explain: for macOS, a “click” actually consists of two events. The first is the down, when you press the mouse or trackpad, and the second is the up, when you let go. For the click to be registered, both events need to be recorded within a certain period of time, and “User Assisted Kernel Extension Loading” works by temporarily blocking a down followed by an up when the pair comes from synthetic controls, supposedly protecting your Mac.

What Wardle found is that the security feature also accepts two down or up records in a row as a click and, in that case, applies no protection. That is, a malicious programmer could alter two lines of code in software that already has permission to perform synthetic actions and cause it to install unwanted kernel extensions on your machine or take other potentially dangerous actions.

It is worth noting that the chance of you falling victim to such an attack is small: for it to work, you first need to give software permission to perform synthetic actions. In addition, the flaw affects only macOS High Sierra. Wardle noted in the presentation that Apple will block synthetic actions completely from macOS Mojave.

Still, the reminder remains: never grant sensitive authorizations to applications that you do not completely trust. You never know what the intentions behind them are, after all.
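The logic gap described above can be seen in a small model, added here as an illustration; it is not Apple's implementation or Wardle's code. The names `MouseEvent`, `pair_filter`, `strict_filter` and `prompt_approved` are hypothetical, and `strict_filter` assumes that blocking synthetic actions completely means no synthetic event reaches a sensitive prompt.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MouseEvent:
    kind: str        # "down" (button pressed) or "up" (button released)
    synthetic: bool  # True when posted by software, False when it came from hardware

# Event pairs that, per the article, end up counted as a click.
CLICK_PAIRS = {("down", "up"), ("down", "down"), ("up", "up")}

def pair_filter(events):
    """Filter as the article describes it: only a synthetic down followed
    directly by a synthetic up is treated as a synthetic click and dropped."""
    kept, i = [], 0
    while i < len(events):
        cur = events[i]
        nxt = events[i + 1] if i + 1 < len(events) else None
        if (nxt is not None and cur.synthetic and nxt.synthetic
                and (cur.kind, nxt.kind) == ("down", "up")):
            i += 2  # discard the blocked pair
            continue
        kept.append(cur)
        i += 1
    return kept

def strict_filter(events):
    """Stricter policy (assumption): drop every synthetic event outright."""
    return [e for e in events if not e.synthetic]

def prompt_approved(events, event_filter):
    """True if the events surviving the filter contain a pair counted as a click."""
    delivered = event_filter(events)
    return any((a.kind, b.kind) in CLICK_PAIRS
               for a, b in zip(delivered, delivered[1:]))

# Constructed sample streams (not captured from a real system).
HARDWARE_CLICK = [MouseEvent("down", False), MouseEvent("up", False)]
SYNTHETIC_CLICK = [MouseEvent("down", True), MouseEvent("up", True)]
SYNTHETIC_DOUBLE_DOWN = [MouseEvent("down", True), MouseEvent("down", True)]

if __name__ == "__main__":
    for name, stream in [("hardware click", HARDWARE_CLICK),
                         ("synthetic down/up", SYNTHETIC_CLICK),
                         ("synthetic down/down", SYNTHETIC_DOUBLE_DOWN)]:
        print(f"{name:20} pair_filter={prompt_approved(stream, pair_filter)} "
              f"strict_filter={prompt_approved(stream, strict_filter)}")
```

The pair-matching filter lets the down/down stream through because it only looks for one specific sequence, while the deny-by-origin filter does not depend on which sequence is sent.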

via AppleInsider