New macOS Zero-Day Attack Allows Trusted Apps to Run Malicious Code
Security researcher Patrick Wardle has reported a new zero-day flaw in Apple's Mojave OS tied to the way the OS verifies apps. The flaw, which can be identified as a second-stage payload, allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code on the device.
Patrick Wardle describes exploitation of the bug as a second-stage attack method that allows an adversary to cloak further exploitation of a targeted system using a technique called synthetic mouse clicks.
Patrick stated, "Synthetic mouse clicks give an attacker an incredibly powerful capability. In Mojave, Apple released a myriad of new privacy and security features that will block suspicious activity and display a pop-up requiring the user to allow an action. The goal of my research was to bypass all those new security and privacy mechanisms."
The attack allows an attacker to trigger synthetic mouse clicks on the Apple device without the end user's knowledge. These clicks can in turn approve malicious behaviors such as turning on a targeted system's microphone, disclosing the GPS coordinates of a user's computer, agreeing to the installation of software, granting permissions, or opening additional applications.
Apple has been notified of the vulnerability, but no patch or resolution has been made available yet.