A security researcher has found a new way to bypass security warnings by performing ‘Synthetic Clicks’ on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission (“allow” or “deny”) from users before accessing sensitive data or components on the system. The feature is only available for Apple-approved apps, preventing malicious apps from abusing these programmatic clicks. Last year, security researcher Patrick Wardle, at that time, found a critical flaw in macOS that could have allowed malicious applications installed on a targeted system to virtually “click” security prompt buttons without any user interaction.
Source: https://thehackernews.com/2019/06/macOS-synthetic-click.html