All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Other World Computing...
B&H Photo...
Amazon
As an Amazon Associate I earn from qualifying purchases.
Capacities up to 56TB and speeds up to 1527MB/s
877-865-7002
Today’s Deal Zone Items... Handpicked deals...
$1199 $779
SAVE $420

$250 $200
SAVE $50

$1699 $1299
SAVE $400

$1499 $1149
SAVE $350

$200 $140
SAVE $60

$89 $69
SAVE $20

$120 $35
SAVE $85

$178 $148
SAVE $30

$3498 $2998
SAVE $500

$3699 $1299
SAVE $2400

$1000 $700
SAVE $300

$3899 $1499
SAVE $2400

$748 $648
SAVE $100

$2999 $1999
SAVE $1000

$1699 $999
SAVE $700

$1698 $1398
SAVE $300

$4499 $4499
SAVE $click

$1399 $1049
SAVE $350

$1149 $799
SAVE $350

$1399 $1049
SAVE $350

$1498 $1198
SAVE $300

$2797 $2597
SAVE $200

$280 $250
SAVE $30

$699 $699
SAVE $click

$1699 $1299
SAVE $400

$8399 $8399
SAVE $click

$899 $799
SAVE $100

$1699 $1299
SAVE $400

OWC Thunderblade Thunderbolt 3 SSD

Blazing fast, up to 16TB.

YEE HAH!



√ No more slow and noisy hard drives!

macOS HighSierra: New Security Behavior includes a new Zero Day Exploit (kernel level compromise) and Dumping User Passwords

Get iMac 5K at B&H Photo and see my Mac wishlist.

This seems to be a move forward in making macOS less susceptible to malware—good. See Technical Note TN2459 User-Approved Kernel Extension Loading.

...

Update: so much for “good”: there is apparently a zero day exploit that comes with this new security theater. This exploit allows taking full control of the computer, more on that below.

In macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While, I used the term “incompetent” in my post, which is too kind apparently. It should be something like “negligently incompetent”. That is, introducing a new zero day exploit that allows taking over macOS in the course of introducing a new almost marginal useful security feature.

I don’t usually hold developers at fault, since management’s calendar-driven shipping schedule guarantees problems. But in this case I have to make an exception; having worked in security before as an engineering manager (Pretty Good Privacy, startup), our team took everything seriously. You just don’t change Stuff without going over it head to toe, and I’d bet this was rushed out like everything else. Security staff should have the competence to get it right, and the integrity to push back hard against a management willing to endanger user security by rushing out new features.

macOS High Sierra Blocks install of system extensions by default
macOS High Sierra Blocks install of system extensions by default

Zero Day Exploit in macOS High Sierra

So much for “good”:

Objective See: High Sierra's 'Secure Kernel Extension Loading' is Broken › a new 'security' feature in macOS 10.13, is trivial to bypass.

In brief:

SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully.

...

While at this time I cannot release technical details of the vulnerability, here's a demo of a full SKEL bypass. As can be seen below in the iTerm window below, after dumping the version of the system (High Sierra, beta 9) and showing that SIP is enabled and that kernel extension we aiming to load (LittleSnitch.kext) is not loaded, nor is in the 'kext policy' database, something magic happens. In short, we exploit an implementation vulnerability in SKEL that allows us to load a new unapproved kext, fully programmatically, without any user interaction.

MPG: enjoy your new Mac with smokin' HighSierra.

Dumping user passwords

Here’s another nifty security problem: on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) 🍎�😭 v.

OMG OMG OMG OMG OMG OMG

OWC Envoy Express

World’s first Thunderbolt 3 M.2 NVME SSD enclosure.

Super fast, bus-powered, 3.3 oz, DIY easy, rugged and compact!


See also OWC Express 4M2
√ No more slow and noisy hard drives!
OWC Envoy Pro EX SSD
Blazingly fast Thunderbolt 3 SSD!

Up to 4TB capacity, USB-C compatible.

USB-C model also available


Great for travel or for desktop!
OWC Accelsior 4M2 PCIe SSD
6000 MB/sec!
Mac or PC.


Ideal for Lightroom, Photoshop, video.
Capacity up to 16TB!
View all handpicked deals...

LG UM7370PUA 70" Class HDR 4K UHD Smart LED TV
$1199 $779
SAVE $420

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__