Hacker finds a way around macOS warning pop-ups

By reviews / 15. August 2018
A close up of the 2018 MacBook Pro's logo, keyboard and a portion of the display.

If you use a Mac, youll be familiar with user warnings. Theyre the pop-up boxes that appear whenever you or an application tries to do anything out of the ordinary, such as accessing your contacts or location, just to make sure you actually know what youre doing.

Theyre slightly annoying, but a pretty clever part of the Macs defences against malware. The thinking is pretty clear: even if you are infected by malware, by making the user approve access to sensitive data, you can at least prevent hackers from getting to the truly juicy stuff.

RelatedBest laptops

Only, this method is not quite as foolproof as initially thought, as former National Security Agency (NSA) hacker Patrick Wardle revealed at the DEFCON hacker convention in Las Vegas.

Ars Technica reveals how Wardle discovered that the Mac operating system has a mode that converts keyboard presses into mouse actions, meaning that malware could theoreticallyclickthese pop-up boxes, cutting out the owner entirely. This would still be pretty obvious to an eagle-eyed Mac owner if it werent for the fact that macOS interprets two mouse-down buttons as clickingOK.’

As you might imagine, this made creating malware that could bypass the security pop-up pretty trivial: just a couple of extra lines of code. Adding these gave Wardle calendar access, alongside all of the Macs contacts, and accurate geolocation, on a system with a fully-updated version of High Sierra.

There is a big limitation to the exploit, of course. While the keyboard controls can fake anOKclick, they cant pop in your password for you, and the most sensitive settings and information tends to hide behind such prompts.  

Read more: Best laptop for students

In any case, Wardles research has ensured that the problem will be fixed in the upcoming version of macOS, Mojave. Nonetheless, its a timely reminder that it just takes one tiny weakness in an otherwise secure computers defence to give hackers the opening they need to do serious damage.

Do you feel secure in macOS? Let us know on Twitter @TrustedReviews.

The post Hacker finds a way around macOS warning pop-ups appeared first on Trusted Reviews.

Original source: https://www.trustedreviews.com/news/macos-popup-hacking-exploit-patrick-wardle-3531075

Leave a comment: