Emergency Apple Patch Fixes High Sierra Password Hint Leak

Apple rushed out an emergency patch Thursday that fixed an astonishing bug in its shiny new High Sierra operating system: the password hint feature revealed APFS volume passwords.
Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said that upon creation of an encrypted container in APFS—Apple’s new file system in High Sierra—the password guarding it is stored in plaintext in the password hint.
If you create an Encrypted APFS container and install the new macOS, your password will be stored as plain text in your password hint. pic.twitter.com/DwA7sks9HD
— Matheus Mariano (@martiano_) September 26, 2017
Mariano explained in a post how he found the bug (CVE-2017-7149) while creating a new encrypted volume in the APFS container. He created a new password and entered a hint into the field. He mounted the new container and, upon clicking the password hint, his newly created password was revealed instead. Mariano said the issue affects only Macs with solid state drives.
“If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint,” Apple said in its advisory. “This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints.”
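The check Apple describes, a hint that equals the password must never be stored and a stored hint that turns out to be the password must be cleared, is easy to model. The following is an added example and not Apple's or APFS's code; the `Volume` record, the PBKDF2 verifier and the `create_volume`/`unlock` API are assumptions made for illustration. It goes slightly further than the advisory by also rejecting hints that merely contain the password.

```python
"""Added example: hint-storage logic that cannot leak the volume password.
The Volume record and its API are assumptions, not APFS internals."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class Volume:
    name: str
    salt: bytes
    verifier: bytes            # derived from the password; the password itself is never stored
    hint: Optional[str] = None


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever key derivation a real volume format uses
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def validate_hint(password: str, hint: Optional[str]) -> Optional[str]:
    """Return a hint that is safe to store, or None if storing it would leak the password."""
    if not hint:
        return None
    # The advisory's condition: the hint must not simply be the password.
    if hmac.compare_digest(hint.encode(), password.encode()):
        return None
    # Stricter than the advisory (an assumption of this example): a hint that
    # contains the password, in any case, is just as bad as one that equals it.
    if password and password.lower() in hint.lower():
        return None
    return hint


def create_volume(name: str, password: str, hint: Optional[str]) -> Volume:
    """Create a volume record; the hint is validated against the password before it is kept."""
    salt = os.urandom(16)
    return Volume(name, salt, _derive(password, salt), validate_hint(password, hint))


def unlock(volume: Volume, password: str) -> bool:
    """Verify the password. On success, repair a volume whose stored hint is the password
    (the 'clearing hint storage if the hint was the password' part of the fix)."""
    ok = hmac.compare_digest(_derive(password, volume.salt), volume.verifier)
    if ok and volume.hint is not None and hmac.compare_digest(volume.hint.encode(), password.encode()):
        volume.hint = None
    return ok


if __name__ == "__main__":
    v = create_volume("data", "correct horse", "my favourite xkcd")
    print("stored hint:", v.hint)
    print("hint equal to password stored as:", create_volume("d", "s3cret", "s3cret").hint)
```

The repair in `unlock` matters because the only moment a system can recognise that a stored hint is the password is when the user presents the password; a one-off scan of existing volumes could not do it without the secret.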
Mariano demonstrated the bug in a video, below.
Mariano’s bug was one of two vulnerabilities addressed in the out-of-band fix. The other was a vulnerability disclosed shortly before the release of High Sierra last week that allowed attackers to dump plaintext passwords from the macOS keychain.
Patrick Wardle, chief security researcher at Synack, privately disclosed the bug to Apple in early September and said it is also present in Sierra and likely in El Capitan as well.
Wardle cautioned last week that there was a low barrier to entry for attackers to exploit this issue once they already had a foothold on a machine.
The macOS Keychain is a critical security component for authentication. It’s an encrypted container that stores system usernames and passwords as well as credentials for applications and web-based services. It can also store payment card data, banking PINs and other credentials. Accompanying Keychain is Keychain Access, a password management application that stores credentials in the keychain, saving the user from having to enter them over and over on the web.
Wardle and other researchers were critical of Apple’s response to the initial disclosure, which recommended Gatekeeper to users as an adequate mitigation against the Keychain attack. While this might be true against unsigned malware—Gatekeeper prevents unsigned code from executing on macOS—it ignores the multitude of attacks carried out using legitimate Apple developer certificates to sign malware.
“That prerequisite of getting initially infected is a high prerequisite,” Wardle said. “That’s the area of focus and probably why Apple responded with Gatekeeper. That wouldn’t have been my response. But I like where they’re going in terms of being careful where you’re downloading apps from and following good security practices. Unfortunately we are seeing things like legitimate applications and websites getting hacked (Handbrake, Transmission). And in those scenarios, those are signed apps being hosted on legitimate websites and the user is pretty much done.
“I think it’s important for Apple to build in these secondary lines of defenses where even if that happens when something tries to hijack the keychain, it’s pretty much blocked.”