The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Mac OS X keychain

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

September 26, 2017Swati Khandelwal
Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13 —a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. "I discovered a flaw where malicious non-privileged code (or apps) could programmatically access th
Critical OS X Flaw Grants Mac Keychain Access to Malware

Critical OS X Flaw Grants Mac Keychain Access to Malware

September 03, 2015Swati Khandelwal
Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet . The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security protections and gain full control of Mac computers. Thanks to the environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. The vulnerability then allowed attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite), without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan Beta builds as well as the latest stable version of Mac OS X – Version 10.10.5 . Mac Keychain Flaw Now, security researchers from anti-malware firm MalwareBytes spotted t
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.