"Extremely Critical" OS X Keychain Vulnerability Steals Passwords Via SMS

Posted by samzenpus on Wednesday September 2, 2015 @12:03PM from the long-standing-bug dept.

Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials. What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute. Ars reports that this weakness has been exploited for four years.

3 of 123 comments (clear)

Min score:

Reason:

Sort:

Re:Wait for it... by cdrudge · 2015-09-02 12:35 · Score: 2, Funny

Apparently this guy will, saying that no OS is secure, never will be, and there will always be security problems.
That's why I use Windows 10 by Anonymous Coward · 2015-09-02 12:37 · Score: 3, Funny

No one is going to get my passwords. They've all been safely keylogged onto Microsoft's ultrasecure telemetry cloud!
Re:QQ moar by konohitowa · 2015-09-02 12:54 · Score: 2, Funny

Gosh. You sure told them!