This is why Firefox disables the Allow button for a few seconds when installing an add-on.
But I can still click on it. And it would be a pain for users to have to wait between each rule validation. I'd rather use what Apple did: https://twitter.com/pwnsdx/status/812653042898243584 but it looks like there is absolutely no documentation about how they did it. If anyone knows how they did it, feel free to PM
I would imagine there’s some way to tell whether an NSEvent or CGEvent is synthetic, similar to how X11’s XEvent struct has a send_event flag that applications like xterm can check for and block (when allowSendEvents is off).
Seems kind of strange that EnableSecureEventInput doesn’t do anything regarding mouse input.
He didn’t disclose how exactly he did the simulated mouse events capture, but it should be the same as for keyboard.
I would assume it would be trivial for the Little Snitch devs to defeat this by randomizing whatever ID(s) this is looking for.
Nah, it’s much harder than that to mitigate the issue.