Tech & Science Yet Another Password Vulnerability Has Been Found In macOS High Sierra

14:30  11 january  2018
14:30  11 january  2018 Source:   gizmodo.com.au

Intel reveals chip design flaw that could have allowed hackers to access hidden info

  Intel reveals chip design flaw that could have allowed hackers to access hidden info Hardware and software manufacturers including Apple and Microsoft began pushing out patches that protected against attacks making use of the flaw. The flaw, which Intel dubbed a side-channel analysis attack,  was discovered "months ago" Intel CEO Brian Krzanich said on CNBC Wednesday. The discovery was made by researchers at Google's Project Zero security group, which reported it to the affected companies. The vulnerabilities undermine some of the most fundamental security constraints employed by modern computers, said Craig Young, a researcher at computer security company Tripwire.

For the third time in recent months, big problems have been discovered with macOS High Sierra . Is it as serious a vulnerability as gaining root access? Of course not. But the purpose of a password field is to deny entry to those without it—a basic feature of modern computing.

17/06/2017 · Multiple vulnerabilities found in Mac OS X Another vulnerability involves the entry of an admin password . Apple Has Yet Another Password Bug in macOS High Sierra .

a screenshot of a cell phone© Provided by Business Insider Australia

For the third time in recent months, big problems have been discovered with macOS High Sierra.

In September, a security researcher named Patrick Wardle discovered an exploit to snag plaintext passwords from Keychain. Two months later, software developer Lemi Orhan Ergin realised that gaining root access to High Sierra machines was essentially as easy as inputting the username "root", no password required. And now, Macrumors reports, a gaping hole has been found that could affect a Mac user's security.

A bug report on Open Radar from earlier this week - affecting version 10.13.2 - allows any user to change the App Store system preferences without a real password, in five steps or fewer:

Apple Says All Macs, IPhones, IPads Exposed to Chip Flaw

  Apple Says All Macs, IPhones, IPads Exposed to Chip Flaw Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users. The Cupertino, California-based company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities known as Meltdown. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.

For the third time in recent months, big problems have been discovered with macOS High Sierra . 2017 was a grim year for Apple, as bugs, vulnerabilities and public gaffes piled up against the company that built its image on slick, highly designed products.

Triada Trojan Found in Firmware of Low-Cost Android Sma Paul’s Security Weekly #513 – Two iPhones & Securing your ride. For the third time in recent months, big problems have been discovered with macOS High Sierra .Read more…

1) Log in as a local admin

2) Open App Store Prefpane from the System Preferences

3) Lock the padlock if it is already unlocked

4) Click the lock to unlock it

New Android Malware Variant Is Stealing Uber Passwords

  New Android Malware Variant Is Stealing Uber Passwords Security researchers have identified a new variant of Android malware that is stealing Uber passwords.The malware is a new variation on Android.Fakeapp, a common malware targeting Android devices. Previous versions of the attack have aimed to steal credit card numbers and other personal information, but the latest variant is specifically targeting Uber users.

For the third time in recent months, big problems have been discovered with macOS High Sierra . And now, Macrumors reports, a gaping hole has been found that could affect a Mac user’s security.

Have an account? Remember me · Forgot password ? Find a topic you’re passionate about, and jump right in. Learn the latest. Get instant insight into what people are talking about now.

5) Enter any bogus password

If a machines is already unlocked, someone with malicious intent could easily turn off "automatically check for updates", leaving a machine's current bugs unpatched. Is it as serious a vulnerability as gaining root access? Of course not. But the purpose of a password field is to deny entry to those without it - a basic feature of modern computing. Fortunately, according to Macrumors' tests, the issue appears to be resolved in the forthcoming 10.13.3 update - which you wouldn't be alerted to if automatic updates are turned off.

2017 was a grim year for Apple, as bugs, vulnerabilities and public gaffes piled up against the company that built its image on slick, highly designed products. Hopefully the App Store settings exploit isn't an indicator of what's to come.

In the midst of complex hacking operations, here are simple tips to improve your cybersecurity .
In the tech realm, a new year brings new gadgets — and new worries about cybersecurity as more and more security breaches are revealed.  The most recent scare, called Spectre or Meltdown, involves vulnerabilities to processing chips that date back to 1995, resulting in billions of devices that are susceptible to intrusion, says Jason Koebler, editor-in-chief of the online publication Motherboard.

Source: http://au.pressfrom.com/news/tech-and-science/-51876-yet-another-password-vulnerability-has-been-found-in-macos-high-sierra/

—   Share news in the SOC. Networks

Topical videos:

This is interesting!