#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

High Sierra | Breaking Cybersecurity News | The Hacker News

Category — High Sierra
ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

Aug 13, 2018
Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually "click" objects without any user interaction or consent. To know, how dangerous it can go, Wardle explains : "Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click...allowed. Authorize keychain access? Click...allowed. Load 3rd-party kernel extension? Click...allowed. Authorize outgoing network connection? click ...allowed." Wardle described his research into "synthetic" interactions with a user interface (UI) as "The Mouse is Mightier than the Sword," ...
Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint

Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint

Oct 06, 2017
A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System (APFS) volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein the password hint section is showing the actual password in the plain text. Yes, you got that right—your Mac mistakenly reveals the actual password instead of the password hint. In September, Apple released macOS High Sierra 10.13 with APFS (Apple File System) as the default file system for solid-state drives (SSDs) and other all-flash storage devices, promising strong encryption and better performance. Mariano discovered the security issue while he was using the Disk Utility in macOS High Sierra to add a new encrypted APFS volume to a container. When adding a new volume, he was asked to set a password and, optionally, write a hint for it. So, whenever the new volume is mounted, m...
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Apr 15, 2025Data Privacy / Enterprise Security
Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025 , This report is the first and only report to merge public extension marketplace statistics with real-world enterprise usage telemetry. By doing so, it sheds light on one of the most underestimated threat surfaces in modern cybersecurity: browser extensions. The report reveals several findings that IT and security leaders will find interesting, as they build their plans for H2 2025. This includes information and analysis on how many extensions have risky permissions, which kinds of permissions are given, if extension developers are to be trusted, and more. Below, we bring key statistics from the report. Highlights from the Enterprise Browse...
Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Sep 26, 2017
Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. "I discovered a flaw where malicious non-privileged code (or apps) could programmatically access th...
cyber security

Mastering AI Security: Your Essential Guide

websiteWizAI Security / Posture Management
Learn how to secure your AI pipelines and stay ahead of AI-specific risks at every stage with these best practices.
Expert Insights / Articles Videos
Cybersecurity Resources