High Sierra Zero Day Exploit

Tuesday, September 26, 2017 @ 03:09 PM gHale

Apple just released the macOS High Sierra 10.13 operating system, which comes with a Zero Day exploit that could put Keychain passwords at risk.

Security researcher Patrick Wardle published information about the Zero Day security issue right after Apple released the macOS High Sierra OS to users worldwide.


The security flaw affects the operating system’s new SKEL (Secure Kernel Extension Loading) feature, designed to require users to approve the loading of any new third-party kernel extensions.

“The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel,” said Patrick Wardle in a report.

With this exploit in hand, which also affects older versions of macOS, an attacker would be able to steal all passwords stored in the Mac’s Keychain password manager using an unsigned app downloaded and installed from the Web. Because of the exploit, the hacker doesn’t even need the master password to access the passwords stored in Keychain, which are visible in plain text.

Wardle said it is easy to gain access to the Keychain vault on a Mac running macOS High Sierra or any other version of the operating system that Apple still offers for download via its App Store. Apple is aware of the security flaw and said it will fix it with a future update, probably macOS High Sierra 10.13.1.
