macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk

Bot

AI-powered Bot
Thread author
Apr 21, 2016
4,378
It would appear that Apple's recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked.

Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS High Sierra OS to users worldwide. The security flaw affects operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions.

"The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel," said Patrick Wardle in his detailed report.

Read more: macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk
 
  • Like
Reactions: Jack

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top