SB2018081302 - Security restrictions bypass in Apple macOS Sierra

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081302

SB2018081302 - Security restrictions bypass in Apple macOS Sierra

Published: August 13, 2018 Updated: August 13, 2018

Security Bulletin ID SB2018081302
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) ‘Synthetic’ Mouse-Click Attack (CVE-ID: CVE-2017-7150)

The vulnerability allows a local attacker to conduct Synthetic Mouse-Click attacks.

The weakness exists due to two consecutive synthetic mouse “down” events were incorrectly interpreted by High Sierra as a manual approval. A local attacker can leverage vulnerabilities in third-party kernel extensions to bypass Apple’s kernel code-signing requirements, virtually “click” a security prompt and load a malicious kernel extension to compromise the vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References