Apple fixes two High Sierra password bugs

Apple has fixed two vulnerabilities in its Mac operating system that put passwords at risk of theft by hackers.
The company released the security fix Thursday, an Apple spokesperson told ZDNet.
Synack’s Patrick Wardle, who was credited with finding one of the now-fixed vulnerabilities, revealed a password-stealing bug just hours before High Sierra was released.
The bug let an attacker grab and steal every password in plain text using a malicious, unsigned app downloaded from the internet, without needing the user’s master Keychain password.
Apple fixed the bug by requiring the user to enter their password to access their Keychain or stored passwords.
Thursday’s security update also fixed another security vulnerability affecting encrypted volumes using Apple’s new file system, APFS, in which the volume’s password was stored as the password hint and could be revealed in plain text.
Apple acknowledged Matheus Mariano for finding the bug.
