Two hours into his keynote at Apple’s Worldwide Developer’s Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to “allow” or “deny” any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. But when ex-NSA security researcher Patrick Wardle watched that keynote at his home in Maui a few months later, he had a more dubious reaction.
Over the previous year, he had uncovered a way for malware to invisibly click through those prompts, rendering them almost worthless as a security safeguard—not once, but twice. After Wardle had revealed the bugs that allowed those click attacks—one before the WWDC keynote and another one two months later—Apple had fixed them. Now Wardle was watching Apple market those safeguards as an example of its devotion to security in its upcoming operating system.
Yesterday, just ahead of this year’s WWDC, he’s punched a hole in those protections for a third time. Exploiting a bug in Mojave, Wardle has shown yet again that any piece of automated malware can exploit a feature of MacOS known as “synthetic clicks” to breeze through security prompts, allowing the attacker to gain access to the computer’s camera, microphone, location data, contacts, messages, and even in some cases to alter its kernel, adding malicious code to the deepest part of the operating system.
“The ability to generate synthetic clicks is more interesting than ever from an attacker’s point of view,” Wardle told WIRED ahead of a talk about the vulnerability he gave yesterday at a conference he organizes, Objective by the Sea. Even as Apple’s marketing puts more weight on click-to-allow security prompts, he points out, the company still isn’t stopping hackers from circumventing them with simple bugs. “The way they implemented this new security mechanism, it’s 100 percent broken. It’s sad that they got onstage to make these claims but did nothing to back them up.”
Synthetic clicks—clicks generated by a program rather than a human finger on a mouse or trackpad—have long been a useful tool for automation as well as accessibility for disabled users. To block malicious use of synthetic clicks, MacOS requires any application that uses them to be added by the user to an approved list. But Apple-focused blogger Howard Oakley found in November that there are some exceptions to this rule, included by default on MacOS systems. This short, strange list of applications—including some versions of VLC, Adobe Dreamweaver, Steam, and other programs—can use synthetic clicks without requiring the user’s pre-approval.
Wardle read Oakley’s post that pointed to the list in April. Within an hour of discovering it, Wardle says he figured out a way to trick MacOS into treating his own malware as a part of the white list. Due to an error in how Apple implemented code signing for that list—a feature that checks if the code of an application has been signed with a legitimate cryptographic key to prove its identity—Wardle found he could simply modify an approved program like VLC to include his malware. Despite the code modifications, MacOS would verify that his program was a copy of VLC and allow it to generate clicks at will.
“It’s like doing an ID check, but not checking the validity of the ID, just checking the name on it,” Wardle says. “Because Apple has messed up the verification, they don’t detect that I’ve modified and subverted VLC, so they allow my synthetic click. So I can bypass all of these new Mojave privacy measures.”
Although the “allow” or “deny” security prompt would still appear briefly on the screen before a synthetic click dismissed it, Wardle points out that his malware can also dim the screen so that the computer appears to be sleeping. That means he can carry out a synthetic click attack without the prompt ever becoming visible to the user.
WIRED reached out to Apple for comment on the new synthetic click vulnerability Wardle discovered, but the company hasn’t yet responded.
Wardle concedes that his exploit by itself doesn’t allow a remote attacker to hack a Mac across the internet. The attacker would need to already have remote access to a victim machine or have installed a malicious application. But if a hacker can gain that initial foothold, say, with a malicious attachment in a phishing email or another common technique, it could allow malware to expand its access much deeper into a target system.
In the worst-case scenario, Wardle’s synthetic clicks could be used to install a so-called kernel extension, an alteration to the operating system’s kernel for which MacOS requires the user to click “allow.” Kernel extensions—like drivers in Windows—have to be cryptographically signed by a legitimate developer to be installed in MacOS. But hackers have in some cases installed a legitimate kernel extension that contains a security flaw, and then used that flaw to gain full access to the deepest recesses of a target machine. “If you can infect the kernel, you can see everything, bypass any security mechanism, hide processes, sniff user keystrokes,” Wardle explained when he described another synthetic click attack to WIRED last year. “It’s really game over.”
The bug in Mojave that Wardle revealed yesterday marks the third time he’s exposed a flaw in Apple’s safeguards against synthetic clicks. In earlier research, he’s shown that while MacOS tried to block synthetic clicks on security prompts, his malware could click through them by using an obscure feature called “mouse keys” that essentially allows mouse control via the keyboard. Apple patched this hack, but a few months later, Wardle found that he could circumvent the patch with an even stranger technique. A synthetic click includes two commands, a “down” click and an “up” click, just as with a physical mouse. Wardle discovered that two “down” commands was also somehow interpreted as a click, but it wasn’t subject to the same safeguards. Using that allowed him to click through the security prompt blocking a kernel extension.
Wardle says he told Apple about his latest attack just a week before revealing it—hardly enough time, he admits, for the company to patch it. But after seeing so many repeated errors, he’s frustrated with Apple’s carelessness and wanted to apply more pressure by dropping the unpatched bug in public. “My approach of responsible disclosure isn’t working at all,” he says. “So I’m trying an alternate route to inspire Apple.”
Apple’s ongoing failure to fix bugs in the same security mechanism—one it even featured onstage at WWDC—points, he says, to more deep-seated problems in the company’s approach to security. “Why aren’t they auditing this code before releasing it? Especially when they’re getting up on stage and touting all these security features that are essentially worthless,” Wardle says. “If you don’t do a good job with the implementation, all of it is just marketing.”