When you click on a button, a link, or an item on your computer, chances are you are doing it with your mouse. However it seems that recently it was discovered that macOS High Sierra is vulnerable to a “synthetic click” attack which is essentially a software-based clicking of the interface, meaning that your computer registers clicks that you might not even have made.
This means that in theory, hackers could use it to dismiss security notifications, or it could be used to enable permissions to apps, and so on. This attack was discovered by DigitaSecurity’s Chief Research Officer Patrick Wardle and revealed during Defcon 2018. According to Wardle, it seems that he stumbled across this flaw by accident when he discovered that his code’s actions were working around the restrictions put into place.
He said, “Two lines of code completely break this security mechanism. It is truly mind-boggling that such a trivial attack is successful. I’m almost embarrassed to talk about the bug as it’s so simple – though I’m actually more embarrassed for Apple.” The good news is that this flaw only seems to affect one version of macOS, which is High Sierra.
Wardle also points out that this issue will be fixed with the Mojave update which will block all synthetic events completely, although hopefully Apple will issue a patch for this as we’re sure that not all macOS users can or want to upgrade to Mojave upon its release.