|
|
|
|
|
|
by jeroenhd
818 days ago
|
|
|
Are these dialogs always rendered on top? I can imagine it wouldn't be too hard to perform some malicious high-risk actions (elevating permissions, disabling protections) and hiding the permission prompt by overlaying something a copy with something that sounds more benign. You're not leaking credentials there, but if you can get the user to give away the right permissions, you don't need to. On Android, where apps have the ability to draw on top of other apps (used for things like pop-out players and night light apps) it used to be possible to trick the user into opening their phone's settings and guiding them through a bunch of security options by overlaying a game and letting the taps fall through to the underlying app. This makes me wonder how well-protected macOS is against that kind of attack. |
|
|