Apple Releases macOS High Sierra; Ex-NSA Hacker Publishes Zero-Day

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
5,901
Patrick Wardle, a former NSA hacker, showed off a zero-day exploit in macOS High Sierra that allows an attacker to steal every password stored in the Keychain without needing a master login password. He reported the bug to Apple earlier this month, but the patch did not make it into the release of High Sierra today.

Kinda crazy that Apple would let an exploit like this walk out the door. Even more crazy is Wardle found another zero-day exploit in High Sierra earlier this month, that one showing that the secure kernel extension loading feature is vulnerable to bypass. He also has released a video of the keychain hack, which can be found here

"As a passionate Mac user, I'm continually disappointed in the security of macOS," he said. "I don't mean that to be taken personally by anybody at Apple -- but every time I look at macOS the wrong way something falls over. I felt that users should be aware of the risks that are out there. I'm sure sophisticated attackers have similar capabilities. Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable."
 

Nytegard

2[H]4U
Joined
Jan 8, 2004
Messages
3,602
Just run Qubes OS.

It's a tradeoff between simplicity and security. Why operating systems can't be compartmentalized, because of user functionality, I'll never understand.
 

iamjanco

Limp Gawd
Joined
Jul 8, 2016
Messages
460
I can say the same thing about Windows too.

Sure you can. But there's one big difference between the two: there'll be a heck of a lot more developers working on a fix for Windows than there will be for the Mac OS.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
The difference between a security exploit on Windows and an exploit on MacOS is that when it occurs on Windows it's damn close to a world-ending kind of thing because Windows is used on so many systems around the world, whereas on MacOS the target is not nearly as huge.
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
I could only imagine what this should do to their stock prices. Kind of makes you wonder why it's not headline news or front page.
 

Pieter3dnow

Supreme [H]ardness
Joined
Jul 29, 2009
Messages
6,784
I think all the security jibber jabber falls on deaf ears for most of the MAC crowd; they don't "understand" computers in the first place (might be some exceptions). So when Apple is vocal and says no security issues, why would they ever doubt that?

These days it is all about perception rather than substance. One thing does bother me: the releasing of the zero day exploit, is that a public warning or just a way to counter other parties already abusing this?
 

alxlwson

You Know Where I Live
Joined
Aug 25, 2013
Messages
8,375
I think all the security jibber jabber falls on deaf ears for most of the MAC crowd; they don't "understand" computers in the first place (might be some exceptions). So when Apple is vocal and says no security issues, why would they ever doubt that?

These days it is all about perception rather than substance. One thing does bother me: the releasing of the zero day exploit, is that a public warning or just a way to counter other parties already abusing this?


He did not release the exploit. He posted a video of his exploit in action. He may release it though. Step one is to notify. If not patched, step two is to show off PoC. Still no patch, step three is to hack the planet.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,545
The difference between a security exploit on Windows and an exploit on MacOS is that when it occurs on Windows it's damn close to a world-ending kind of thing because Windows is used on so many systems around the world, whereas on MacOS the target is not nearly as huge.


Indeed, if all the Macs in the world disappeared overnight, the world would happily continue.
 

danmoody

Limp Gawd
Joined
Sep 21, 2004
Messages
330
But Macs don't get viruses. Only second class pc users get viruses. I seen the commercial. FIREWALL !
 

westrock2000

[H]F Junkie
Joined
Jun 3, 2005
Messages
9,346
Indeed, if all the Macs in the world disappeared overnight, the world would happily continue.

But I would be displeased to have lost 15TB of ripped movies. I thought ZFS was supposed to protect from spontaneous dimensional expulsions? I specifically asked about that scenario and was assured not to worry about it!
 