9.1 C
New York
Tuesday, November 12, 2024
PopCash.net

A Hacker Managed To Extract Passwords From Apple's New macOS Even Before It Launched

Apple has just released the new macOS High Sierra for its desktops and notebooks, but a security researcher managed to uncover a critical zero-day exploit that gives up all your passwords, before the new OS even launched.

Patrick Wardle, a former NSA hacker now working with ‎Synack, posted a video of the hack online showing how he could fairly easily obtain all the passwords saved on a Mac or Macbook.

Saved passwords on Apple’s desktop and notebook devices are stored in what’s called the ‘Keychain’, which requires a master login to access. Wardle, however, was able to demonstrate how a malicious app could could extract all those passwords in plain-text, without needing the master key at all.

He created a ‘keychainStealer’ app, which demonstrated the exploit. The scary part is that you don’t need to download his specific app to be infected, instead you could be compromised if it was in another legitimate app you downloaded, or even via email. Once that happens, all your website passwords, online services logins, and credit card numbers would be compromised. And though it was tested on the latest OS, macOS High Sierra, older versions of macOS and OS X are also vulnerable.

Wardle says he actually reported the bug to Apple earlier in September, but it wasn’t patched out before the update hit. Apple has still failed to comment on the exploit, or when it will attempt to patch it out.

Related Articles

Latest Articles