"Extremely Critical" OS X Keychain Vulnerability Steals Passwords Via SMS

Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials. What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute. Ars reports that this weakness has been exploited for four years.

Wait for it...

[KGIII]

So who will defend Apple this time or attempt to minimize this or attempt to claim that other OSes are worse so that this is, seemingly, less significant. No OS is secure, it never will be and it only gets worse when you connect it to another device. There will always be security problems.

Not because I care so much but because I am easily amused...