Yet Another Vulnerability on Macs Allowing Hackers Access Discovered

NEWS: 09.03.18- As you take a break from laboring on your Mac this Labor Day holiday, you might want to know about another method that has been discovered allowing a hacker to gain access to a Mac which involves the simple click of a ubiquitous everyday peripheral and it occurs without the user even performing the action themselves.

In the game of cat and mouse between hackers and the Mac, one would expect the roles to be cliché but the roles are actually reversed this time around and appropriately so, with the cat being the Mac — an ode to when versions of Mac OS X were given names of big cats such as Tiger and Leopard for versions 10.4 and 10.5 respectively — and the hacker is the mouse.

Last month, an August 9 article from Wired magazine written by Lily Hay Newman reported that a hacker could gain access to a brand new Mac upon being taken out of its box the second a user connected the computer to Wi-Fi.

Three days later, and only a day before the news was shared here in this column (though this new piece of information was not discovered by this writer until only last week, thus the delay), a new report surfaced, also from Wired magazine, in an August 12 article written by Andy Greenberg. It details the way a hacker can get malware installed onto a Mac, or in the worst-case scenario fully control it, by creating artificial clicks of the mouse.

Greenberg writes, “One way operating system developers try to protect a computer’s secrets from probing hackers is with an appeal to the human at the keyboard. By giving the user a choice to allow or deny programs access to sensitive data or features, the operating system can create a checkpoint that halts malware while letting innocent applications through.”

The security flaw at hand is posed by the question, “What if a piece of malware can reach out and click on that ‘allow’ button just as easily as a human?”

These attacks, which are automated and can happen without a user detecting them, occur when clicks of the mouse are artificially made through a command of malicious code. How can this happen? According to Greenberg, Mac OS has a feature that lets some applications like AppleScript, or features like automation or accessibility tools for the disabled, perform artificial clicks of the mouse.

Those clicks then “…allow malware to breeze through prompts meant to block it. The result could be malware that, once it has found a way onto a user’s machine, can bypass layers of security to perform tricks like finding the user’s location, stealing their contacts, or with [the] most surprising and critical technique, taking over the deepest core of the operating system, known as the kernel, to fully control the computer.”

Greenberg points out, however, that these attacks don’t give a hacker complete control of a computer from the start. Rather, they help malware that has already found its way onto a machine bypass the security measures put in place by Mac OS and complete its installation. To put it in clearer terms, the malware must first make its way onto the computer, and in that malicious software is a piece of code that in essence guides the installation process of the malware by approving the allow prompts through clicks of the mouse.

The caveat about this attack is that a user can take immediate action if they notice that their computer is controlling itself and mouse clicks are happening without the user making them. On the flip side, hackers can program the attack to occur when the computer is detected to be idle.

So what is a Mac user to do in order to protect themselves from this type of hack?

A different but related article comes from the OWC (also known as Other World Computing) weekly blog, “The Rocket Yard.” In an August 7 post, Tom Nelson educates Mac users about a defense built in to Mac OS called System Integrity Protection, or SIP for short. It is a security feature designed to protect most system locations, system processes, and kernel extensions from being written to, modified, or replaced, and it has been available since the release of Mac OS X version 10.11 El Capitan and newer versions up through the forthcoming Mac OS Mojave version 10.14.

Nelson writes, “Without a doubt, SIP helps keep your Mac secure by preventing many malware attack vectors from being successfully performed.”

Based on that fact alone, it would seem that attempts by hackers to install malware onto Macs already face a barrier of protection provided by Apple, which should give Mac users peace of mind over attacks by hackers on their computers.

By the same token, Nelson also writes that, “The benefit for all users is that the Mac is a harder platform to take over. Though it is by no means an impossible task. Malware developers will always find new ways to attack a platform.”

Which circles back to the attack method discussed in this article and the previous one from last month, illustrating that hackers have already found a way to circumvent Apple’s security measures. Though there is no mention whatsoever of the SIP feature being hacked in either of the two reports by Newman and Greenberg.

For the complete story on the artificial mouse clicks hack — or in case you missed it the first time, the story behind hacking a brand new Mac right out of the box — read the original Wired magazine article. And to learn more about SIP and how to enable or disable the feature (and why you would want to do either), read the educational article on “The Rocket Yard” blog by OWC.
