Posted on September 27, 2017 at 4:00 PM
A vulnerability has been discovered in at least three different versions of macOS that lets an attacker infiltrate the user's Keychain.
A critical zero-day flaw in the latest version of macOS, High Sierra, might cause a lot of damage amongst Apple users. This flaw was recently discovered by an ex-NSA employee, Patrick Wardle, who currently works for the cybersecurity research firm Synack.
This flaw enables rogue applications and software to export passwords stored on the affected device to a plaintext document. The flaw also reaches beyond the High Sierra operating system and affects several previous versions of macOS.
The flaw targets the macOS password management system, which users will know as Keychain. Up until now, Keychain has been a great way for users to generate strong and unique passwords and keep them all in one place. Apple also stores a lot of sensitive information in Keychain, including passwords, cryptographic keys, and credit card numbers.
While the system is a great tool for a user to keep sensitive information all in one place, the security used to protect that information has failed.
Wardle has confirmed that this attack works against the El Capitan, Sierra, and High Sierra operating systems. This means that most Mac systems will be vulnerable.
To launch the attack, a user has to install a remote application first. While this seems like something that is easily avoidable, this barrier is not as foolproof as it seems. Current information shows that unsigned applications are also able to trigger the vulnerability, and the payload can be delivered in multiple ways. These include web browsers and hacked versions of legitimate software downloads.
By default, all versions of macOS reject unsigned apps. However, signed applications can also easily take advantage of this vulnerability. To sign an app, a developer simply requires an Apple Developer Program membership, which costs $99 per year, an obstacle that is easily overcome by a dedicated attacker.
After the hacker has gained access to a victim’s Keychain, they can export all data from the software without needing to use a master password.
Since this attack requires your Mac to be compromised by outside software first, Wardle has cautioned users that the best method of protection is prevention. Attacks of this kind are local, so the best practice for any macOS user is to avoid giving hackers access to the device in the first place by not downloading suspicious apps and software.
A warning sign to look for is any random app that requires being run from your email or web browser. It is also advisable to keep your Keychain locked. By default, the Keychain is unlocked the moment the user logs into their device, but this can be changed using the Keychain Access app to keep your information locked at all times.
macOS users have also been warned that this attack operates stealthily and will probably escape the attention of the victim. After a malicious app has been installed on your system, it requires no permission from the user and does not send any notifications. Wardle has reported this vulnerability to Apple; hopefully, the company will soon make a patch available that addresses it.