- Apr 21, 2016
- 3,439
It would appear that Apple's recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked.
Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS High Sierra OS to users worldwide. The security flaw affects operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions.
"The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel," said Patrick Wardle in his detailed report.
Read more: macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk
Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS High Sierra OS to users worldwide. The security flaw affects operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions.
"The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel," said Patrick Wardle in his detailed report.
Read more: macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk
