Researcher finds MacOS Mojave flaw, links it to abuse of trusted apps

By Digit NewsDesk | Published on Jun 04 2019
Researcher finds MacOS Mojave flaw, links it to abuse of trusted apps
HIGHLIGHTS

​Researcher finds flaw in macOS Mojave.

Reportedly, the flaw is in the way of how the OS handles ‘whitelist’ apps.

Apple is yet to issue a fix for this flaw.

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

With macOS Mojave, Apple introduced enhanced security features and privacy controls that restricted application access to system resources, files, and utilities. The files stay protected even if an attacker has malware on a machine. But now, a security researcher has found a flaw in an edition of macOS that can let an attacker run malicious files on the system. According to the researcher, this is done because Mojave doesn’t handle the verification of a certain number of apps correctly.

Researcher Patrick Wardle of Digita Security says that all this is related to synthetic clicks generated by apps. Now macOS Mojave essentially eliminates the synthetic clicks (or clicks that aren’t actually generated by the computer’s mouse or trackpad) made by all apps. This is done because they can be used to take actions without the users’ consent. But macOS Mojave has a small whitelist of apps that are still permitted to generate synthetic clicks.

The problem is not these apps but the way the synthetic clicks from these apps are handled in the OS. Apple checks the code-signing information of these whitelisted apps before allowing them to run. Wardle, however, found that these checks weren’t being performed correctly, which could lead to an attacker taking advantage of this flaw. According to the researcher, an attacker would only need a compromised Apple PC with macOS Mojave or have local access to a machine to take advantage of this loophole.

“In Mojave apple locks programs from being able to send synthetic clicks. It turns out it’s not fully true because there’s an undocumented whitelist of apps and any of those can send synthetic clicks. It appears to be popular apps that Apple wanted to allow for compatibility reasons. There’s code signing info in the whitelist. The way they perform the validation is incomplete, so a local attacker without any special privileges could use one of the apps in the whitelist and add some code to it and generate synthetic clicks and run it. The system would see this and check what program it was and allow it because it’s on the whitelist and not check if it’s been messed with,” Duo.com quoted Wardle as saying.

The researcher said that he had already reported the vulnerability to Apple and a patch is currently in the works. However, there is no information on when it will be released. “The frustration is that they seem to be unable to completely fix this. While they’re touting all these security and privacy features, they still haven’t implemented this completely. This wasn’t an incredibly complex or subtle bug to find. I keep having to report these to them,” he said.

Apple recently launched macOS Catalina, a refresh to macOS Mojave. Visit this link to read about the latest macOS.

Videos

Apple iPhone XR (256GB) in depth Review | Digit.in
logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.