Hello, welcome to the Tuesday, June 4, 2019 edition of the Sandinand Storms and a stormcast.

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

Today's Apple News don't just come from the Worldwide Developer Conference, but also from the

Objective by the Sea Conference. Patrick Ward from the Objective by the C conference.

Patrick Wardle used Objective by the C in order to release details regarding new vulnerability

in Apple's latest operating system, Mac OS Mojave.

This vulnerability actually allows attackers to bypass some of the restrictions being put in place

about a year ago when Apple did announce macOS mojave and some of these new security features.

Applications now have to ask for permission to get access to sensitive

components like the camera and the microphone. The way this is implemented is that there is a pop-up

dialogue and the user has to click OK. The problem that Apple had to overcome here was that there are also synthetic events, essentially

applications clicking on dialog boxes.

This is often used to automate some workflows.

So what Apple did is that it prevented these synthetic clicks from affecting these security dialogues.

However, well, nothing is really all that easy.

The problem that Apple ran into was that some legacy applications relied on that functionality,

so Apple included a white list of applications that were still able to send

synthetic clicks to these security dialogues.

What Patrick now found out is, well, if you listen to what I just said, pretty obvious

in that what you can do now as an attacker is you can actually take one of these

white listed applications and trick it into clicking on these security dialogues

and the result is that you're able to bypass all of these restrictions.

...