Apple Announces Hot Fix for Zero-Day Synthetic Click Vulnerability

Apple recently revealed that a hotfix had been rolled out for MacOS Mojave. The patch is aimed to fix a synthetic click vulnerability.

As the company explained, this issue would have allowed hackers to dismiss on-screen security prompts. Patrick Wardle, a former NSA security researcher and the one who discovered this flaw, managed to circumvent the OS’s security protocols on three separate occasions.

How could Apple miss such a grave security breach?

Last June, Craig Federinghi, Apple’s vice president, highlighted during the Developers’ Conference, that Mojave, the latest Apple OS, has a new feature that allows the user to control the apps’ access to various sensitive components.

More specifically, the user can allow or deny an app’s request for using the camera, microphone, message box, or browsing history.

Interestingly enough, Wardle, who was also attending the Devs’ Conference, attempted to see if Mojave’s latest privacy feature was safe or a gateway for malware.

According to the former NSA cybersecurity researcher, he managed, not once, but three times, to circumvent the OS’s security prompts in order to access sensitive components.

As he explained, the breach was possible due to a feature called synthetic clicks. Normally, you would need an input device like a mouse or touchpad in order to click something.

Nowadays, systems employ non-user-input clicks for productivity purposes or for making UI easier for people with certain disabilities.

Wardle said that although most apps can use this feature, they would need to receive special permission from the user. However, some apps, like Steam, VLC Player, or Dreamweaver, can use synthetic clicks without requiring authorization from the user.

The cybersecurity expert used this knowledge in order to craft a malware code which tricked the system into believing that these apps have pre-authorization.

It worked. In fact, according to Wardle, the planted code worked so well, that he managed to gain access to sensitive components in a matter of seconds. More than that, the same flaw can be used in order to execute malware code with kernel privileges.

Days after Wardle exposed the vulnerability, Apple rolled out a fix and made assurances that the users’ privacy is not at risk.

Unfortunately, it would seem that the problem is far from over. Wanting to put the hotfix to the test, Wardle tried one more time to use the synthetic click flaw.

Again, he did it. The very same issue that Apple said was fixed continues to put machines running MacOS Mojave at risk.


So, what’s there to be done? Basically, nothing until Apple manages to fix this issue. In the meantime, you should take a closer look in your apps list to see which apps are allowed to use synthetic clicks.

Since no timeline has been announced, the best thing to do would be to disable this feature for all apps. You should also perform an in-depth malware scan. Start with the root, because that’s the place where malware fester.

What do you think about the recurring synthetic click issue? Head to the comments section and let us know your thoughts.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *