This is probably the most serious vulnerability in macOS in history

Almost 30,000 last year. In the first half of 2018, almost 60,000. This is the number of malicious software developed for macOS systems based on data from honeypots. Apple systems, although they are still considered very safe, can not resist pressing statistics. And these are in an upward trend and only from one source. The total number of malware can be much larger. MacOS viruses have been intertwined in technical media with security vulnerabilities, and this "latest" CVE-2017-7150 is probably the most serious vulnerability in macOS in history.

The CVE-2017-7150 nomenclature is an old gap from March 2017, which according to a former employee of the NSA - an employed hacker by the US government, the creator of free Objective See security tools for macOS, and now the Chief Research Office at Digita Security - has not been fully patched .

Patrick Wardle demonstrated his experiment during the August conference of DEFCON . He showed that macOS High Sierra is susceptible to attacks using - as it was called - "synthetic clicks". The method consists in writing a malicious code that performs specific instructions and approves messages warning against elevation of privileges. The trick uses the system's mouse pointer control function using the keyboard .

mouse keys function

In fact, this is a new 0-day vulnerability in the old CVE-2017-7150 vulnerability.

Using the fact that the mouse pointer control function can "ignore" warning messages to access data with administrator privileges, it becomes possible to:

  • security bypass without root privileges,
  • isolation of ALL passwords,
  • extracting private keys saved in the system,
  • bypassing third party security,
  • allowing an incoming call,
  • installing a malicious script on the system,
  • and a lot more.

In fact, the attacker gains total control of the system.

Apple did not show up, because all the authorizations of malicious operations can be deceived in the same way as the CVE-2017-7150 reported in March 2017 (which apparently has been patched, but it turns out not to be):

macos gap

More details and Patrick's presentation are available on this page .

Apple claims that the reported vulnerability is already patched in the development version of the macOS Mojave system. Users of macOS High Sierra have two options: wait for a stable, new version of the system or install a beta version.

The presented method of bypassing macOS security is only possible if the user allows the launch of a malicious program. To protect the macOS system, we recommend tools from the Objective See project, as well as a reputable class of anti-viruses.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.