Collective Intelligence Podcast, Patrick Wardle on Synthetic Clicks in macOS Mojave

32:56
 
Share
 

Manage episode 235847156 series 2084211
By Tyler Predale and Michael Mimoso. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Digita Security Chief Research Officer Patrick Wardle discusses a macOS Mojave vulnerability he recently disclosed whereby an attacker can abuse synthetic clicks allowed by the OS to spy on users, access private data, or install additional malicious code.

Wardle disclosed the vulnerability during the Objective By The Sea conference in Monte Carlo earlier this month. He previously had privately disclosed the issue to Apple, which has yet to patch it, but has introduced a temporary mitigation.

The bug bypasses additional security protections Apple introduced in Mojave that specifically ban synthetic clicks without the user physically clicking through and permitting this action.

50 episodes