Refine

Product Type

Vendor

 

How many Mac owners do you know that have not bothered to install antivirus software on their machine? Probably very few, and that's because over the years Apple has created a reputation for delivering the most secure computing platform in the industry. There's a common belief that a Mac is "unhackable" or that there are no successful viruses for Mac. Apple devices are widely considered impenetrable and secure compared to classic 

Windows computers and phones. And thus millions of Mac owners deem themselves safe without every running security scans on the programs they install, believing themselves to be completely safe.

Unfortunately, that bubble of safety isn't realistic, as became painfully obvious upon the release of the new High Sierra OS. For all of its upgrades and new features, there's was a critical error hiding just behind the scenes- a new exploit found in and run on the latest High Sierra operating system. Thankfully this was discovered by Patrick Wardle, an ex-employee of the NSA and white-hat hacker. The exploit allowed passwords to be stolen in plain text extremely easily, bypassing encryption and the usual master password and root access needed for such a feat. Wardle created a video of himself utilising the exploit in action but has retained key parts so that it will hopefully not be replicated by those with darker intentions. The vulnerability is no joking manner, exposing Macs on the new operating system to the less likeable people on the internet. 

If you've ever asked Safari to save a password so you don't have to remember it, then you've made use of Apple's Keychain feature. Now, anything that has been saved to Keychain is vulnerable to the exploit. Passwords can be stolen from Keychain in their unencrypted form by a vulnerability that any third-party program can access. Any program that doesn't come from a trusted source like the Mac App Store can use this vulnerability to steal passwords, putting everything from bank credentials to your Facebook account in jeopardy. Whether that program comes in the form of a malicious email or seemingly harmless download is irrelevant. Within little time, a hacker will be able to see the content of every username and password you have saved with Keychain.

For more info read these media articles...

https://www.forbes.com/sites/thomasbrewster/2017/11/28/apple-macos-high-sierra-guilty-of-really-stupid-password-bug/#1d2b5ee111d5

https://www.macworld.co.uk/how-to/mac-software/how-stop-someone-getting-root-access-your-mac-3668317/

 

Refine

Product Type

Vendor