A serious security vulnerability has been detected in the newly released macOS
macOS High Sierra, Apple's latest operating system released to the public today, has an important security hole that allows hackers to access plaintext Keychain data.
Unregistered applications on macOS High Sierra (and possibly the previous version of macOS) can steal usernames and account passwords stored in the Keychain.
Security researcher and former NSA analyst Patrick Wardle talked about this vulnerability and shared a video of how to exploit it.
For this vulnerability to be exploited, users need to download third-party malicious code from an unknown source. Apple often discourages users from downloading applications from untrusted developers or from outside the Mac App Store, and does not even allow downloading from untrusted developers without overriding security settings.
In the demonstration video, Wardle creates a proof-of-concept (POC) application called keychainStealer that can access the plaintext passwords for Twitter, Facebook and Bank of America stored in the Keychain.
An attacker can steal plaintext Keychain data
Wardle told Forbes about the vulnerability and said it was not too difficult to run malicious code on the Mac even with Apple's protections. Wardle has not released the entire exploit code, and he believes Apple will fix the vulnerability in the next update.
Apple has not responded to questions about this vulnerability.