1. 9

  2. 4

    This is why Firefox disables the Allow button for a few seconds when installing an add-on.

    1. 1

      But I can still click on it. And it would be a pain for users to have to wait between each rule validation. I'd rather use what Apple did: https://twitter.com/pwnsdx/status/812653042898243584 but it looks like there is absolutely no documentation about how they did it. If anyone knows how they did it, feel free to PM

      1. 2

        I would imagine there’s some way to tell whether an NSEvent or CGEvent is synthetic, similar to how X11’s XEvent struct has a send_event flag that applications like xterm can check for and block (when allowSendEvents is off).

        Seems kind of strange that EnableSecureEventInput doesn’t do anything regarding mouse input.

        1. 1


          https://twitter.com/JZdziarski/status/813052980127821827 https://twitter.com/JZdziarski/status/813391275059777537

          He didn’t disclose how exactly he did the simulated mouse event capture, but it should be the same as for the keyboard.

    2. 2

      I would assume it would be trivial for the Little Snitch devs to defeat this by randomizing whatever ID(s) this is looking for.

      1. 1

        Nah, it’s much harder than that to mitigate the issue.