[Infowarrior] - Ex-NSA hacker drops macOS High Sierra zero-day hours before launch

Richard Forno rforno at infowarrior.org
Mon Sep 25 14:48:29 CDT 2017


(ZDNet just had to say 'ex-NSA' to make a more sensational headline.  Who cares where they're from? --rick)

Ex-NSA hacker drops macOS High Sierra zero-day hours before launch

The vulnerability lets an attacker steal the contents of a Keychain — without needing a password.
 
By Zack Whittaker for Zero Day | September 25, 2017 -- 16:43 GMT (09:43 PDT) | Topic: Security

http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/

Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.

Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack, posted a video of the hack -- a password exfiltration exploit -- in action.

Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.

But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.

He tweeted a short video demonstrating the hack.

Wardle created a "keychainStealer" app demonstrating an exploit for the vulnerability, which according to the video, can expose passwords to websites, services, and credit card numbers when a user is logged in.

That exploit could be included in a legitimate-looking app, or be sent by email.

In his tweet, Wardle suggested that Apple should launch a macOS bug bounty program "for charity." Right now, Apple only has a bug bounty for iPhones and iPads, which pays up to $200,000 for high-end secure boot firmware exploits.

It's the second zero-day that Wardle found for the operating system this month -- the first shows how the new software's secure kernel extension loading feature is vulnerable to bypass.

Apple did not respond to a request for comment at the time of writing.
