Teenage Hacker's Evil App Steals Apple Mac Passwords

by:Y&M Crafts     2019-09-11
Another teenager has found a serious flaw in Apple's technology.
Just last week, a 14-year-old found a bug that allows snooping on iPhone and Mac users due to a problem with FaceTime.
Now German 18-year-old Renas Henze has discovered a vulnerability that affects the latest Apple macOS, opening stored passwords to malicious applications.
This may include logins for your bank's website, Amazon, Netflix, Slack and many more apps.
This is a Mac-only bug, though if you are using iCloud Keychain, passwords synced across iPhones and Macs may also be in danger.
To make matters worse, there may not be a fix in the works.
Henze, who did not disclose his findings to Apple, told Forbes that the lack of payment for such research was the reason he decided to keep the details of the hack secret from the Cupertino giant.
The researcher, who has recently discovered other iOS and macOS bugs, found a way into Apple's "keychain."
This is the area where macOS stores private keys and passwords, which makes it a gold mine for hackers.
Henze found out that he could create an app that could read the contents of the keychain without the explicit permission of the victim.
His simulated malware does not require privileges such as administrator-level permissions.
"Running a simple app is all you need," Henze said.
As for how malware would first get onto the Mac, Henze suggests that a malicious hacker could hide an exploit for the keychain vulnerability in a legitimate application.
Or the user could be directed to a web page that launches rogue code.
Henze said that because the attack might obtain a token for accessing iCloud, it is possible to take over an Apple ID and download the user's keychain from the company's server.
Henze's findings came a week after another teen, Grant Thompson, found a serious problem in iOS.
It allows silent snooping on iPhones through the FaceTime bug.
Apple has reportedly promised a fix and will pay the 14-year-old a reward through its iOS bug bounty program.
In return for information on security weaknesses in the mobile operating system, it offers up to $200,000.
Apple's bug bounty program is invitation-only and for iOS only.
"They don't seem to really care about macOS," Henze said.
"It takes time to find such a bug, and I just think it's right to pay the researchers because we're helping Apple to make their product safer."
Instead of notifying Apple directly, Henze posted a YouTube video earlier this week.
Forbes had Apple Mac security expert Patrick Wardle test the bug.
Former NSA analyst Wardle was impressed by the young researcher's findings.
"A great honor for Renas."
He joked: "It's really a cute bug and I won't turn off my Mac until Apple wraps its head around to safety and go surfing."
"It's a bit frustrating that Apple doesn't know how to protect the keychain.
If the mechanism itself is always insecure, what is the point of creating something to store all the most sensitive information on the system?"
A quick fix?
The company had not commented at the time of publication.
Since it does not have the technical details from Henze, it is not clear when the bug can be fixed.
The latest version of macOS Mojave is 10.14.3.
Wardle, who discovered a similar bug in 2017, told Forbes that users can take steps to prevent any app from stealing their passwords.
Perhaps the best defense at the moment is to manually set the password for the keychain.
But this means that whenever a legitimate app wants to use a password in a keychain, the user must enter the login.
Sometimes security is better than usability.