Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11The newly released macOS has detected a serious security vulnerability
Newly released to the public today as Apple's latest MacOS High Sierra operating system has an important security hole, allowing hackers to access Plainted Keychain Data.
Unregistered applications on macOS High Sierra (and possibly the previous version of macOS) can steal usernames and account passwords stored on Keychain.
Security researcher and former NSA analyst Patrick Wardle talked about this vulnerability and shared a video of how to exploit it.
In order for this vulnerability to work, users need to download third-party malicious code from an unknown source, Apple often discourages users from downloading applications from untrusted developers or from outside the Mac App Store. . Apple does not even allow downloading from untrusted developers without overwriting security settings.
In the video illustrated, Wardle creates a POC application called keychainStealer that can access the plaintext passwords of Twitter, Facebook and Bank of America stored on Keychain.
An attacker can steal data on Plaintext Keychain
Wardle told Forbes about the vulnerability and said it was not too difficult to run malicious code on the Mac even with Apple's protection. Wardle does not provide the entire exploit code, but he also believes Apple will fix the vulnerability in the next update.
Apple has not responded when asked about this vulnerability.
Kareem WintersYou should read it
- The vulnerability on macOS 10.13 allows access to the Mac with any password
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus
- How to turn on / off iCloud Keychain (password prompt feature) on iPhone
- Apple is developing a feature similar to 1Password for Keychain in iOS 14
- Discovered a new zero-day vulnerability on macOS that allows attackers to run commands remotely
- What is iCloud Keychain and how to use it effectively?
- Apple updated the password revealing patch from the Disk Utility function
- Update your Macbook now to avoid this major security bug
May be interested
- Detected extremely serious vulnerability in Hikvision security cameras
successfully exploiting this vulnerability helps hackers gain access to the camera and the victim's network. - Protect yourself against IE security holesto help you avoid attacks that exploit the newly discovered ie vulnerability, we recommend some tips to help you protect your data safely.
- Apple expanded the size of the security bug detection program to receive bonuses, including macOS, a maximum bonus of $ 1 millionsecurity researchers have, are, and will find a vulnerability in macos that will be awarded by apple in the near future.
- Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonuslinus henze, an 18-year-old german, recently claimed to have discovered a serious security flaw on macos that could expose the machine's storage passwords to malicious applications.
- The researcher released code that exploits the iOS Kernel vulnerabilityadam donenfeld, a researcher at mobile security company zimperium, has released the poc code for ziva - a kernal vulnerability affecting ios 10.3.1 and earlier.
- iOS 11.1 was released with a series of new emoji and fixes for the KRACK vulnerabilityapple has just released ios 11.1 and macos high sierra 10.13.1 with many fixes, more than 70 new emoji icons and many security updates. released on the same day are new updates for tvos, watchos, safari, itunes, and icloud.
- Apple released macOS unlocking patch, with apologyyesterday, apple just released a bug fix update on macos, allowing root account creation and login without a password.
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge itmicrosoft has just released security updates to fix a high-severity zero-day vulnerability in windows.
- Vulnerability on macOS helps hackers easily overcome security barriersthe interface of macos allows converting key presses into mouse operations. even when a user performs a double-click operation, macos will recognize that as the command to click the ok button.
- AMD CPUs also have security vulnerabilities that have existed for many years now!another relatively serious vulnerability on amd processors has continued to be discovered, prompting the security community.
Attack the network
- Russia threatened to ban Facebook, China blocked WhatsApp, South Korea considered banning Tumblr
- The malware owner earned $ 63,000 from digging Monero on the IIS server
- Windows computer worm forces users to view Homestar Runner
- Hackers use simple tricks to steal Ethereum worth 7 million dollars in 3 minutes
- Apple applies strict laws with VPN ad blocking tools on third-party applications
- Tor opens the Bug Bounty program to find a bug to receive a bonus
Russia threatened to ban Facebook, China blocked WhatsApp, South Korea considered banning Tumblr
The malware owner earned $ 63,000 from digging Monero on the IIS server
Windows computer worm forces users to view Homestar Runner
Hackers use simple tricks to steal Ethereum worth 7 million dollars in 3 minutes
Apple applies strict laws with VPN ad blocking tools on third-party applications
Tor opens the Bug Bounty program to find a bug to receive a bonus