Your new post is loading...
The researcher says that bypassing Kext protections was "trivial," and the zero-day bug permits unprivileged code usage in order to "post synthetic events and bypass various security mechanisms on a fully patched macOS box."
The problem lies in the approval, or rejection, of synthetic events in the latest version of macOS. When two synthetic "down" events run, High Sierra interprets the attack as a manual approval via one "down" and one "up" click, which gives attackers a path straight to system compromise
Wardle told attendees that the bug was found by accident as he copied and pasted code, setting the script to click a synthetic mouse "down" twice without meaning to.
"Two lines of code completely break this security mechanism," Wardle told the publication. "It is truly mind-boggling that such a trivial attack is successful."
The next version of the OS, Mojave, will block synthetic events entirely, according to the researcher. However, the security community has expressed concerns that this could hamper the functionality of legitimate apps and services.
ZDNet has reached out to Apple and will update if we hear back.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
The researcher says that bypassing Kext protections was "trivial," and the zero-day bug permits unprivileged code usage in order to "post synthetic events and bypass various security mechanisms on a fully patched macOS box."
The problem lies in the approval, or rejection, of synthetic events in the latest version of macOS. When two synthetic "down" events run, High Sierra interprets the attack as a manual approval via one "down" and one "up" click, which gives attackers a path straight to system compromise
Wardle told attendees that the bug was found by accident as he copied and pasted code, setting the script to click a synthetic mouse "down" twice without meaning to.
"Two lines of code completely break this security mechanism," Wardle told the publication. "It is truly mind-boggling that such a trivial attack is successful."
The next version of the OS, Mojave, will block synthetic events entirely, according to the researcher. However, the security community has expressed concerns that this could hamper the functionality of legitimate apps and services.
ZDNet has reached out to Apple and will update if we hear back.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security