Two hours into his keynote at Apple’s Worldwide Developers Conference last June, senior vice president Craig Federighi revealed a new privacy feature in MacOS Mojave that forces applications to ask the user if they want to "allow" or "deny" any request to access sensitive components and data, including the camera or microphone, messages, and browsing history. The audience dutifully applauded. But when ex-NSA security researcher Patrick Wardle watched that keynote at his home in Maui a few months later, he had a more dubious reaction.

Over the previous year, he had uncovered a way for malware to invisibly click through those prompts, rendering them almost worthless as a security safeguard—not once, but twice. After Wardle had revealed the bugs that allowed those click attacks—one before the WWDC keynote and another one two months later—Apple had fixed them. Now Wardle was watching Apple market those safeguards as an example of its devotion to security in its upcoming operating system.

Yesterday, just ahead of this year's WWDC, he punched a hole in those protections for a third time. Exploiting a bug in Mojave, Wardle has shown yet again that any piece of automated malware can exploit a feature of MacOS known as "synthetic clicks" to breeze through security prompts, allowing the attacker to gain access to the computer's camera, microphone, location data, contacts, messages, and even in some cases to alter its kernel, adding malicious code to the deepest part of the operating system.

"The ability to generate synthetic clicks is more interesting than ever from an attacker's point of view," Wardle told WIRED ahead of a talk about the vulnerability he gave yesterday at a conference he organizes, Objective by the Sea. Even as Apple's marketing puts more weight on click-to-allow security prompts, he points out, the company still isn't stopping hackers from circumventing them with simple bugs. "The way they implemented this new security mechanism, it’s 100 percent broken. It's sad that they got onstage to make these claims but did nothing to back them up."

Synthetic clicks—clicks generated by a program rather than a human finger on a mouse or trackpad—have long been a useful tool for automation as well as accessibility for disabled users. To block malicious use of synthetic clicks, MacOS requires any application that uses them to be added by the user to an approved list. But Apple-focused blogger Howard Oakley found in November that there are some exceptions to this rule, included by default on MacOS systems. This short, strange list of applications—including some versions of VLC, Adobe Dreamweaver, Steam, and other programs—can use synthetic clicks without requiring the user's pre-approval.

Wardle read Oakley's post that pointed to the list in April. Within an hour of discovering it, Wardle says he figured out a way to trick MacOS into treating his own malware as a part of the white list. Due to an error in how Apple implemented code signing for that list—a feature that checks if the code of an application has been signed with a legitimate cryptographic key to prove its identity—Wardle found he could simply modify an approved program like VLC to include his malware. Despite the code modifications, MacOS would verify that his program was a copy of VLC and allow it to generate clicks at will.

"It's like doing an ID check, but not checking the validity of the ID, just checking the name on it," Wardle says. "Because Apple has messed up the verification, they don’t detect that I've modified and subverted VLC, so they allow my synthetic click. So I can bypass all of these new Mojave privacy measures."
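The name-versus-validity distinction in that analogy, as an added example (not code from Apple, Wardle, or this article): a simplified Python model of an allowlist check done both ways. The identifier `org.example.player`, the key, and the bundle layout are constructed for illustration, and an HMAC stands in for a real code signature.

```python
import hashlib
import hmac

# Constructed stand-in for a signing authority. A real OS verifies an
# asymmetric signature chained to a trusted certificate, not an HMAC.
SIGNING_KEY = b"constructed-demo-key"
ALLOWLIST = {"org.example.player"}  # hypothetical allowlisted identifier


def _seal(identifier: str, code: bytes) -> bytes:
    """Bind the identifier to a digest of the code it was issued for."""
    digest = hashlib.sha256(code).digest()
    return hmac.new(SIGNING_KEY, identifier.encode() + b"\0" + digest,
                    hashlib.sha256).digest()


def sign_bundle(identifier: str, code: bytes) -> dict:
    return {"identifier": identifier, "code": code,
            "signature": _seal(identifier, code)}


def name_only_check(bundle: dict) -> bool:
    """Flawed: reads the name on the ID and never validates the ID itself."""
    return bundle["identifier"] in ALLOWLIST


def full_check(bundle: dict) -> bool:
    """Name must be allowlisted AND the signature must cover the code as it is now."""
    if bundle["identifier"] not in ALLOWLIST:
        return False
    expected = _seal(bundle["identifier"], bundle["code"])
    return hmac.compare_digest(expected, bundle["signature"])


def evaluate() -> dict:
    """Return (name_only_check, full_check) for three constructed bundles."""
    genuine = sign_bundle("org.example.player", b"original program bytes")
    # Same identifier and signature, but the code changed after signing.
    tampered = dict(genuine, code=genuine["code"] + b" modified after signing")
    unlisted = sign_bundle("org.example.other", b"some other program")
    cases = {"genuine": genuine, "tampered": tampered, "unlisted": unlisted}
    return {name: (name_only_check(b), full_check(b)) for name, b in cases.items()}


if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:9s} name-only={weak!s:5s} full={strong}")
```

Only the full check rejects the modified bundle; the name-only check accepts it because the identifier it carries is still on the list.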

Although the "allow" or "deny" security prompt would still appear briefly on the screen before a synthetic click dismissed it, Wardle points out that his malware can also dim the screen so that the computer appears to be sleeping. That means he can carry out a synthetic click attack without the prompt ever becoming visible to the user.