Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Releases macOS High Sierra; Ex-NSA Hacker Publishes Zero-Day

Posted by msmash on from the here-we-are dept.

Apple today released the newest version of its operating system for Macs, macOS High Sierra, to the public. macOS High Sierra is a free download, and offers a range of new features and improvements including the new Apple File System, and support for High Efficiency Video Encoding (HEVC) for better compression without loss of quality, and HEIF for smaller photo sizes. Zack Whittaker, reporting for ZDNet: Patrick Wardle, a former NSA hacker who now serves as chief security researcher at -- Synack, posted a video of the hack -- a password exfiltration exploit -- in action. Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault. But Wardle has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.

3 of 53 comments (clear)

  1. WTF by Anonymous Coward · · Score: 2, Insightful

    Nice quote. Stay on topic, please.

  2. Let's retire 'drop' by RightwingNutjob · · Score: 4, Insightful

    It's ambiguous and sometimes can mean the exact opposite of the intended message, especially when used in short click-baity headlines. How about 'publishes,' 'releases,' or 'exposes' here?

  3. Re: That didn't take long by Anonymous Coward · · Score: 2, Insightful

    You should continue posting this into the windows and Android threads too.

    That said, how the hell do you access an encrypted storage area without the key? This sounds like a major fail in design and not a "bug" in the usual sense