Welcome to Smokey's Security Forums.
As a guest you only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

A serious Tor browser flaw leaks users' real IP addresses

The so-called TorMoil flaw stems from a bug in how Firefox handles local file-based addresses.

A serious Tor browser flaw leaks users' real IP addresses

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk  (Read 97 times)

0 Members and 1 Guest are viewing this topic.

QuizmasterTopic starter

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Offline Offline
  • location: USA - Miami,FL
  • Posts: 23020
  • .: Surf Queen
    • WWW
macOS High Sierra Zero-Day Exploit Puts Users' Stored Keychain Passwords at Risk
26 September 2017, 12:47 am

It would appear that Apple's recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked.

Patrick Wardle, a security researcher that apparently worked for NSA, published information about the said zero-day security issue minutes after Apple released the macOS High Sierra OS to users worldwide. The security flaw affects operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions.

"The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel," said Patrick Wardle in his det... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

    

  

Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle