With Defcon in Vegas this weekend we've learned of a vulnerability in OSX security that will allow automated approval of kernel extensions bypassing user approval.
Patrick Wardle uncovered a flaw in High Sierra OS, which half of macOS systems run that does just that. He discovered that two consecutive synthetic mouse “down” events were incorrectly interpreted by High Sierra as a manual approval.
“For some unknown reason the two synthetic mouse ‘down’ events confuse the system and the OS sees it as a legitimate click,” he said. “This fully breaks a foundational security mechanism of High Sierra.”
Moreover he noted that in Apple’s next version of macOS, Mojave, Apple has chosen to simply block all synthetic events. Though this will generically prevent attacks based on synthetic events, it also will impact applications that legitimately make use of such events
https://threatpost.com/def-con-2018-apple-0-day-reopens-door-to-synthetic-mouse-click-attack/134951/
