Researcher finds MacOS Mojave flaw, links it to abuse of trusted apps

By Digit NewsDesk | Updated 4 Jun 2019
Researcher finds MacOS Mojave flaw, links it to abuse of trusted apps
  • ​Researcher finds flaw in macOS Mojave.
  • Reportedly, the flaw is in the way of how the OS handles ‘whitelist’ apps.
  • Apple is yet to issue a fix for this flaw.

With macOS Mojave, Apple introduced enhanced security features and privacy controls that restricted application access to system resources, files, and utilities. The files stay protected even if an attacker has malware on a machine. But now, a security researcher has found a flaw in an edition of macOS that can let an attacker run malicious files on the system. According to the researcher, this is done because Mojave doesn’t handle the verification of a certain number of apps correctly.


Researcher Patrick Wardle of Digita Security says that all this is related to synthetic clicks generated by apps. Now macOS Mojave essentially eliminates the synthetic clicks (or clicks that aren’t actually generated by the computer’s mouse or trackpad) made by all apps. This is done because they can be used to take actions without the users’ consent. But macOS Mojave has a small whitelist of apps that are still permitted to generate synthetic clicks.

The problem is not these apps but the way the synthetic clicks from these apps are handled in the OS. Apple checks the code-signing information of these whitelisted apps before allowing them to run. Wardle, however, found that these checks weren’t being performed correctly, which could lead to an attacker taking advantage of this flaw. According to the researcher, an attacker would only need a compromised Apple PC with macOS Mojave or have local access to a machine to take advantage of this loophole.

“In Mojave apple locks programs from being able to send synthetic clicks. It turns out it’s not fully true because there’s an undocumented whitelist of apps and any of those can send synthetic clicks. It appears to be popular apps that Apple wanted to allow for compatibility reasons. There’s code signing info in the whitelist. The way they perform the validation is incomplete, so a local attacker without any special privileges could use one of the apps in the whitelist and add some code to it and generate synthetic clicks and run it. The system would see this and check what program it was and allow it because it’s on the whitelist and not check if it’s been messed with,” quoted Wardle as saying.


The researcher said that he had already reported the vulnerability to Apple and a patch is currently in the works. However, there is no information on when it will be released. “The frustration is that they seem to be unable to completely fix this. While they’re touting all these security and privacy features, they still haven’t implemented this completely. This wasn’t an incredibly complex or subtle bug to find. I keep having to report these to them,” he said.

Apple recently launched macOS Catalina, a refresh to macOS Mojave. Visit this link to read about the latest macOS.

Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.

Recent Questions

how to do porting of apps?
Vivek Bhatt
Sept 3, 2014
Responses 2
vishal Pallerla
Sept 3, 2014
Sept 7, 2014
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment