Apple fixes two High Sierra password bugs

(Image: CNET/CBS Interactive)Apple has fixed two vulnerabilities in its Mac operating system that put passwords at risk of theft by hackers.
The company released the security fix Thursday, an Apple spokesperson told ZDNet.
Synack’s Patrick Wardle, who was credited with finding one of the now-fixed vulnerabilities, revealed a password-stealing bug just hours before High Sierra was released.
The bug let an attacker grab and steal every password in plain text using a malicious, unsigned app downloaded from the internet — without needing the user’s master Keychain password.
安泰科技(000969):关于12安泰债公司债券跟踪评级结果的公
Apple fixed the bug by requiring users to enter their password before unlocking their Keychain.
Thursday’s security update also fixed another security vulnerability affecting encrypted volumes using Apple’s new file system, APFS, in which the volume’s password was stored as the password hint and could be revealed in plain text.
Apple acknowledged Matheus Mariano for finding the bug.
ZDNET INVESTIGATIONS
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
At the US border: Discriminated, detained, searched, interrogated
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
With a single wiretap order, US authorities listened in on 3.3 million phone calls
198 million Americans hit by ‘largest ever’ voter records leak
Android更危险iOS最安全,这种现状除了厂商,用户无法改变,用户能做的是提高警惕,加强自身的安全防范意识。
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’

Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
ZDNET INVESTIGATIONS
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
At the US border: Discriminated, detained, searched, interrogated
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
With a single wiretap order, US authorities listened in on 3.3 million phone calls
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
互联网站要高度重视用户信息安全工作,各互联网站要高度重视用户信息安全工作。并提醒广大互联网用户提高信息安全意识,密切关注相关网站发布的公告,并根据网站安全提示修改密码。提高密码的安全强度并定期修改。

猜您喜欢

抚州市档案局扎实做好档案数字化安全保密工作
三分钟,改变安全培训人员的工作状态
网络安全法宣传片 002 国家网络安全的现状与重要性概述
科学预防心血管疾病 坚持每天一斤果蔬+40分钟运动
MCXNIFTYTIPS MOTORSANDCONTROL
解读“电信和互联网用户个人信息保护规定”