Apple update the MacOS High Sierra to rectify two major flaws
Apple released an update for it’s latest MacOS High Sierra on Oct 5. The update was released as a patch to rectify two major flaws in the OS. An earlier update by the tech giants patched 43 different vulnerabilities but missed 2 which is now fixed in the latest update.
US-CERT warned about the MacOS High Sierra
The US-CERT said, Apple has released a security update to address vulnerabilities in MacOS High Sierra 10.13, these vulnerabilities could have been easily exploited by hacked to get your sensitive information.
One of the issues was vulnerability of macOS keychain
Among the two issues solved one was a critical issue where an attacker could steal your passwords from macOS keychain. Apple warned in an advisory that a method exists where applications could be bypassed and be accessed using a synthetic click.
The Keychain flaw was identified by Patrik Wardle, a security researcher. He publically demonstrated the flaw on a video.
Where he shows how the OS is flawed and how easy it is for hackers to know all your passwords. Although he didn’t tell anything about how you can do it and didn’t release any technicals details about the vulnerability of any sort. He said that his goal for posting the video was to raise awareness about the fact that High Sierra was shipped with an exploitable vulnerability and people to take precaution for the same.
Second vulnerability was the StorageKit library
Apple file system that debuted on the High Sierra, was reported with bugs which were identified as CVE-2017-7149. Apple released an advisory on the issue which stated that if a user had set up a hint in Disk Utility when creating an APFS encrypted system, the password was stored as a hint.
The issue was reported to Apple by security researcher Matheus Mariano. Mariano also in his blog post wrote that he was surprised as to how Apple or anyone else let such a serious and minor issue go unseen.