Security researcher has spotted a number of in the hack protection systems used by macOS and — with — has identified (via ) a significant new flaw: an attacker can use a malicious plugin for a trusted app to seize control of a user’s microphone, camera, and location data, thanks to a variation on an exploit that’s been known for four years.

The exploit relies on several tricks. One is macOS’ susceptibility to “synthetic clicks,” an attack that lets an app automatically click on dialog boxes like a human would, agreeing to installation of software; granting permissions; or opening additional apps, such as Terminal. Another is an “undocumented whitelisting feature” of macOS that quietly creates a list of apps that are allowed to use synthetic

Read More At Article Source | Article Attribution