Zerosquare, on 31/08/2023 at 22:38
From what I understand, that's just it: the exploit doesn't need the user to give their permission:
It's crucial to recognize that in my illustration of the vulnerability, there's no utilization of the open panel in TextEdit, no drag and drop, no user gesture that would convey special permissions. I use the open command in Terminal app, which could be run as easily by a shell script as by a person typing, and my sample Xcode project uses the API -[NSWorkspace openURLs:withApplicationAtURL:configuration:completionHandler:], which also requires no user intervention and can be called silently by a maliciously crafted app.