An unpatched flaw in the app verification process on macOS Mojave allows legacy apps to load and execute unverified code on the machine. The bug is easy to exploit and allows generating synthetic clicks for malicious actions. This is the second zero-day issue disclosed in a little over a week that affects MacOS Mojave. The vulnerability is “100% fully broken”” as it is possible to modify an app trusted to generate synthetic clicks and thus use it for malicious action
Source: