Security concerns with macOS High Sierra

Apple patches vulnerabilities in keychain and encrypted APFS volumes

Mac|Life - By Rob Mead-Green

Update your Mac now!

Two surprising security lapses have emerged in macOS High Sierra, with one potentially affecting older versions of macOS and OS X as well.

The first vulnerability, affecting the keychain, was discovered by Patrick Wardle, formerly of the NSA and now director of research at Synack, while trying out a beta build of macOS High Sierra. Using a proof-of-concept program he developed, called keychainStealer, Wardle was able to display plain text passwords stored in keychain for Bank of America, Facebook, and Twitter. Wardle posted a video of the flaw on Vimeo (bit.ly/macoskeystealer) and notified Apple about the concern.

Worryingly, Wardle said it would be relatively easy to install a program like keychainStealer. “Most attacks we see today involve social engineering and seem to be successful targeting Mac users,” Wardle told Forbes. “I’m not going to say the [keychain] exploit is elegant – but it does the job, doesn’t require root [access] and is 100 percent successful.”

Wardle said the exploit would work on any Mac where someone was already logged in, and that older versions of the system may also be affected.

Wardle published his findings on September 25, the same day macOS High Sierra was made available on the Mac App Store. Apple issued a patch for the vulnerability 10 days later, on October 5. It also patched another surprising error that affected encrypted Apple File System (APFS) volumes.

Discovered by developer Matheus Mariano, the APFS bug displays in plain text the password you’ve used to encrypt a drive, showing it in the password hint box right below the place where you’re meant to enter it – an incredible oversight by Apple’s engineers.

Using macOS’s Disk Utility, Mariano created an encrypted APFS volume, set a password and a hint for it, then unmounted the volume before remounting it again. When he clicked the “Show Hint” button, the password he had set appeared in plain text, rather than the hint he expected. Because the startup disk in Macs that have an internal SSD is automatically converted to APFS, this affects many modern MacBooks.

You can make sure you’re protected from both of these vulnerabilities by updating macOS High Sierra to the latest version via the Mac App Store. To find out more about the security content of Apple’s macOS High Sierra 10.13 Supplemental Update, point your browser at bit.ly/mlmhsupd.

Though the two High Sierra issues have serious implications, a fix is already available.
