macOS High Sierra Zero-Day Exploit Puts Users’ Stored Keychain Passwords at Risk

It would appear that Apple’s recently released macOS High Sierra 10.13 operating system comes with a zero-day exploit that could put your stored Keychain passwords at risk if your Mac gets hacked.

Patrick Wardle, a security researcher who apparently worked for the NSA, published information about the zero-day security issue minutes after Apple released macOS High Sierra to users worldwide. The security flaw affects the operating system's new SKEL (Secure Kernel Extension Loading) feature, which is designed to require users to approve the loading of any new third-party kernel extensions.

“The main (security) goal of SKEL is to block the loading of legitimate but (known) vulnerable kexts. Until Apple blacklists these kexts via the OSKextExcludeList dictionary (in AppleKextExcludeList.kext/Contents/Info.plist), attackers can simply load such kexts, then exploit them to gain arbitrary code execution within the context of the kernel,” said Patrick Wardle in his detailed report.

An attacker can steal your passwords from Mac’s Keychain

With this exploit in hand, which also affects older versions of macOS, an attacker would be able to steal all of the passwords stored in the Mac's Keychain password manager using an unsigned app that you can download and install from the Web. Thanks to the exploit, the hacker doesn't even need the master password to access your Keychain-stored passwords, which are visible in plain text.

Watch the video below, courtesy of Patrick Wardle, to see how easy it is to access the Keychain vault on a Mac running macOS High Sierra or any other version of the operating system that Apple still offers for download via its App Store. Unfortunately, Apple is aware of the security flaw and promises to fix it with a future update, probably macOS High Sierra 10.13.1.

“macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents,” said Apple in a statement released today.

Source: Softpedia