Ex-NSA hacker drops macOS High Sierra zero-day hours before launch

(Image: CNET/CBS Interactive)

Just hours before Apple is expected to roll out the new version of its desktop and notebook operating system, macOS High Sierra, a security researcher dropped a zero-day.

Patrick Wardle, a former NSA hacker who now serves as chief security researcher at ‎Synack, posted a video of the hack -- a password exfiltration exploit -- in action.

Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.

But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.

He tweeted a short video demonstrating the hack.

Wardle created a "keychainStealer" app demonstrating an exploit for the vulnerability, which according to the video, can expose passwords to websites, services, and credit card numbers when a user is logged in.

That exploit could be included in a legitimate-looking app, or be sent by email.

In his tweet, Wardle suggested that Apple should launch a macOS bug bounty program "for charity." Right now, Apple only has a bug bounty for iPhones and iPads, which pays up to $200,000 for high-end secure boot firmware exploits.

It's the second zero-day that Wardle found for the operating system this month -- the first shows how the new software's secure kernel extension loading feature is vulnerable to bypass.

Apple did not respond to a request for comment at the time of writing.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More



from Latest Topic for ZDNet in... http://ift.tt/2wPbbVJ