>According to various reports [1, 2, 3], the vulnerability is a variation of a similar flaw Wardle had already discovered in the macOS mouse keys function, which Apple previously patched so that synthetic clicks would be prohibited when a potentially malicious program produces a prompt asking users to allow certain permissions. But while normally a synthetic click requires both a "down" and "up" command in the code, Wardle during his research accidentally inserted two "down" commands and found that it actually resulted in a synthetic click that was not blocked.
>Still requires you to download and install a trojan yourself >Only thing it does is allow the app to click "yes" on giving it certain rights for the user when the user runs it >Actually allowing the machine to install programs from un-trusted sources is a pain in the ass the kinds of users who will install a trojan don't actually have >Even if they can get a trusted developer to add this to their app Apple can just decline their certificate, thus killing all instances of the trojan Never change microshills... Never change...
To put this into perspective, this "hack" is like a method to get someone to trick you into letting them into your room after they've first broken trough several locked doors and a security guard.
No amount of calling people "mactoddlers" when they understand how pointless OSX trojans are when Gatekeeper exists and is configured to protect the kinds of people who install trojans from themselves is going to change anything. With the way Gatekeeper works and how it's configures for users who would actually fall for something like this, trojans are completely pointless on OSX.
Eli Williams
This.
Nolan Perry
wow.. it's fucking nothing. did you even read it? i guess not.