ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability by Mohit Kumar.
The gist of the attack:
…
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually “click” objects without any user interaction or consent.To know, how dangerous it can go, Wardle explains: “Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click…allowed. Authorize keychain access? Click…allowed. Load 3rd-party kernel extension? Click…allowed. Authorize outgoing network connection? click …allowed.”
Wardle described his research into “synthetic” interactions with a user interface (UI) as “The Mouse is Mightier than the Sword,” showcasing an attack that’s capable of ‘synthetic clicks’—programmatic and invisible mouse clicks that are generated by a software program rather than a human.
…
Be sure to grab Wardle’s slides for: The Mouse is mightier than the sword.
It’s not a small file (194 MB) but it has goodies like:
and,
Not to mention numerous links and deep analysis of the Mac OS.
Enjoy!
PS: Do you think a current version of High Sierra has access to the files on Supreme Court nominee Brett Kavanaugh? The National Archives and Records Administration says it will take two months to review approximately 1 million records. If dumped, un-edited to the Internet, what? Two weeks? Tops?
To many eyes, all scandals (real or imagined) are transparent.