You can now find Cyber Kendra on Google News | Telegram

Zero-day Bug Found in Apple New MacOS High Sierra

Recently Apple have announced its new MacOS version codename - High Sierra (10.13) (coming Soon), which Apple claims it's MacOS is much secure.

But here it is different, a well known Apple Security Researcher name Patrick Wardle, former NSA hacker, and Chief Security Researcher at Synack have demonstrated a zero-day vulnerability in Apple upcoming MacOS (High Sierra).

The video PoC shows how a single downloaded application in users workstation exploit an unknown flaw to dump the content of the user's Keychain file in cleartext.

Keychain is a macOS application that stores passwords and account information, working similar to a local password and identity manager. All information stored in the Keychain app is encrypted by default, preventing other users or third-party apps from accessing this data without permission.

Bleeping Computer reported that wardle told -
"The exploit works by exploiting an implementation flaw in the OS,". "It's macOS only (not iOS), but I believe it affects all recent versions of the OS."
 Wardle exploit works perfectly without have the root access on system.

"I haven't tested it with apps from the App Store, but any other code on the box (i.e. it's not a remote attack) can access and dump the user's Keychain [using the exploit]," -he added.

Zero-day Reported to Apple Team
Wardle have said that he had reported the vulnerability to Apple Security team and apple may be working on patching this.

The bug can be used by a malware to dumb all the data stored in a keychain.

Second Zero-day in a Month
This is not a first that Wardle have found a bug on Apple High Sierra, earlier also he discovered a way to bypass the new "Secure Kernel Extension Loading" (SKEL) feature added in High Sierra, which would allow attackers to load malicious kernel extensions and take over a user's device.

Source: Bleeping Computer

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.