Friday, April 4, 2025

macOS Zero-Day Vulnerability Allows Hackers to Bypass Security Protections With Synthetic Clicks


A new zero-day vulnerability in macOS lets attackers bypass the system's security warnings and compromise the machine using synthetic clicks. Security researcher Patrick Wardle revealed the critical vulnerability at his conference, Objective By The Sea, over this weekend.

Last year he showed that it is possible to create synthetic clicks with automation scripts in macOS High Sierra; later, in macOS Mojave, the privacy protections were expanded.

Now he has found another way to bypass the security protections, perform synthetic clicks, and access the user's data without the user's consent.

The vulnerability resides in Apple's code, which checks only for the existence of the certificate and not the integrity of the trusted apps. An attacker can tamper with an application on the list of trusted apps to generate synthetic clicks, which the operating system would normally allow.

Wardle demonstrated the attack with VLC media player, using it to deliver his malicious plugin, which generates a synthetic click on prompts without user consent.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees it's VLC but doesn't validate the bundle to make sure it hasn't been tampered with,” he explained to TechCrunch.
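The gap between "a signature exists" and "the bundle is intact" can be shown with a small model. This is an added example, not Apple's code or Wardle's; the `seal.json` manifest, the `Player.app` bundle and all file contents are constructed stand-ins for a signed bundle's resource seal.

```python
import hashlib
import json
import tempfile
from pathlib import Path

SEAL = "seal.json"  # hypothetical stand-in for a bundle's signed resource manifest

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def bundle_files(bundle: Path) -> dict[str, Path]:
    """Map relative path -> file for everything in the bundle except the seal."""
    return {p.relative_to(bundle).as_posix(): p
            for p in bundle.rglob("*") if p.is_file() and p.name != SEAL}

def seal_bundle(bundle: Path) -> None:
    """Record a hash for every file present at signing time (constructed model;
    a real seal would itself be covered by the publisher's signature)."""
    sealed = {name: digest(p) for name, p in bundle_files(bundle).items()}
    (bundle / SEAL).write_text(json.dumps(sealed))

def weak_check(bundle: Path) -> bool:
    """The flawed pattern: only asks whether signing material exists."""
    return (bundle / SEAL).is_file()

def strict_check(bundle: Path) -> list[str]:
    """Return every file that is modified, missing, or not covered by the seal."""
    sealed = json.loads((bundle / SEAL).read_text())
    present = bundle_files(bundle)
    problems = [f"unsealed: {n}" for n in present if n not in sealed]
    problems += [f"missing: {n}" for n in sealed if n not in present]
    problems += [f"modified: {n}" for n, p in present.items()
                 if n in sealed and digest(p) != sealed[n]]
    return sorted(problems)

def demo() -> tuple[bool, list[str], bool, list[str]]:
    """Seal a constructed bundle, then add a plugin file after sealing."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "Player.app"
        (bundle / "plugins").mkdir(parents=True)
        (bundle / "player").write_bytes(b"main executable")
        (bundle / "plugins" / "codec.plugin").write_bytes(b"shipped plugin")
        seal_bundle(bundle)
        weak_before, strict_before = weak_check(bundle), strict_check(bundle)
        (bundle / "plugins" / "extra.plugin").write_bytes(b"added after signing")
        return weak_before, strict_before, weak_check(bundle), strict_check(bundle)

if __name__ == "__main__":
    print(demo())
```

The existence check returns the same answer before and after the extra file appears, while the strict check reports it as unsealed. On macOS, `codesign --verify --deep --strict <path>` is the real tool for validating a bundle against its seal.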

Synthetic Click

To execute the attack, the attacker needs physical access to the laptop but does not need any elevated privileges.

https://twitter.com/objective_see/status/1135191522259816450

Wardle reported the vulnerability to Apple a week ago, and the company confirmed the report, but it is unclear when it plans to address the vulnerability.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
