Jump to content

Ex-NSA hacker drops macOS High Sierra zero-day hours before launch


RV_
 Share

Recommended Posts

The vulnerability lets an attacker steal the contents of a Keychain — without needing a password.

Excerpt:

"Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.

Patrick Wardle, a former NSA hacker who now serves as chief security researcher at ‎Synack, posted a video of the hack -- a password exfiltration exploit -- in action.

Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.

But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.

He tweeted a short video demonstrating the hack."

The article and much more is here:

http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/?loc=newsletter_large_thumb_related&ftag=TREc64629f&bhid=19724681974700635514865380622813

 

Link to comment
Share on other sites

They will release an upgrade with security patches at some point.   And it will be soon after all the other problems with High Sierra are identified and 'fixed'', which is why I never upgrade  to a new system during the first few weeks after release.

Pieere,  as I read the press release it said older operating systems that are Mac X series could also vulnerable.  

Barb

 

Link to comment
Share on other sites

Apple tried to reassure their customers saying Gatekeeper prevents it and that is erroneous. If you own an Apple Machine I would do as Barb Suggests and wait until all the fallout is over.

For today's new about Apple's answer that gatekeeper prevents it the answer is no. If you own an Apple read this and pass it on to any other friends using Apple:

https://threatpost.com/gatekeeper-alone-wont-mitigate-apple-keychain-attack/128172/?utm_source=newsletter&utm_medium=Email&utm_campaign=tp daily digest

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...