[Infowarrior] - Ex-NSA hacker drops macOS High Sierra zero-day hours before launch
Richard Forno
rforno at infowarrior.org
Mon Sep 25 14:48:29 CDT 2017
(ZDNet just had to say 'ex-NSA' to make a more sensational headline. Who cares where they're from? --rick)
Ex-NSA hacker drops macOS High Sierra zero-day hours before launch
The vulnerability lets an attacker steal the contents of a Keychain — without needing a password.
By Zack Whittaker for Zero Day | September 25, 2017 -- 16:43 GMT (09:43 PDT) | Topic: Security
http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/
Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.
Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack, posted a video of the hack -- a password exfiltration exploit -- in action.
Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.
But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.
He tweeted a short video demonstrating the hack.
Wardle created a "keychainStealer" app demonstrating an exploit for the vulnerability, which according to the video, can expose passwords to websites, services, and credit card numbers when a user is logged in.
That exploit could be included in a legitimate-looking app, or be sent by email.
In his tweet, Wardle suggested that Apple should launch a macOS bug bounty program "for charity." Right now, Apple only has a bug bounty for iPhones and iPads, which pays up to $200,000 for high-end secure boot firmware exploits.
It's the second zero-day that Wardle found for the operating system this month -- the first shows how the new software's secure kernel extension loading feature is vulnerable to bypass.
Apple did not respond to a request for comment at the time of writing.
More information about the Infowarrior
mailing list