Ex-NSA hacker drops macOS High Sierra zero-day hours before launch
(Image: CNET/CBS Interactive)Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.
Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack, posted a video of the hack -- a password exfiltration exploit -- in action.
Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.
But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.
He tweeted a short video demonstrating the hack.
Wardle created a "keychainStealer" app demonstrating an exploit for the vulnerability, which according to the video, can expose passwords to websites, services, and credit card numbers when a user is logged in.
That exploit could be included in a legitimate-looking app, or be sent by email.
In his tweet, Wardle suggested that Apple should launch a macOS bug bounty program "for charity." Right now, Apple only has a bug bounty for iPhones and iPads, which pays up to $200,000 for high-end secure boot firmware exploits.
It's the second zero-day that Wardle found for the operating system this month -- the first shows how the new software's secure kernel extension loading feature is vulnerable to bypass.
Apple did not respond to a request for comment at the time of writing.
from Latest Topic for ZDNet in... http://ift.tt/2wPbbVJ