macOS HighSierra: New Security Behavior includes a new Zero Day Exploit (kernel level compromise) and Dumping User Passwords


This seems to be a move forward in making macOS less susceptible to malware—good. See Technical Note TN2459 User-Approved Kernel Extension Loading.

...

Update: so much for “good”: there is apparently a zero day exploit that comes with this new security theater. This exploit allows taking full control of the computer; more on that below.

In macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While, I used the term “incompetent” in my post, which is too kind apparently. It should be something like “negligently incompetent”. That is, introducing a new zero day exploit that allows taking over macOS in the course of introducing a new and at best marginally useful security feature.

I don’t usually hold developers at fault, since management’s calendar-driven shipping schedule guarantees problems. But in this case I have to make an exception; having worked in security before as an engineering manager (Pretty Good Privacy, startup), our team took everything seriously. You just don’t change stuff without going over it head to toe, and I’d bet this was rushed out like everything else. Security staff should have the competence to get it right, and the integrity to push back hard against a management willing to endanger user security by rushing out new features.

macOS High Sierra Blocks install of system extensions by default

Zero Day Exploit in macOS High Sierra

So much for “good”:

Objective-See: High Sierra's 'Secure Kernel Extension Loading' is Broken: a new 'security' feature in macOS 10.13 is trivial to bypass.

In brief:

SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully.

...

While at this time I cannot release technical details of the vulnerability, here's a demo of a full SKEL bypass. As can be seen in the iTerm window below, after dumping the version of the system (High Sierra, beta 9) and showing that SIP is enabled and that the kernel extension we are aiming to load (LittleSnitch.kext) is not loaded, nor is in the 'kext policy' database, something magic happens. In short, we exploit an implementation vulnerability in SKEL that allows us to load a new unapproved kext, fully programmatically, without any user interaction.

MPG: enjoy your new Mac with smokin' HighSierra.
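The demo quoted above checks three things before the bypass: the kext is not loaded, and it has no row in the kext policy database that SKEL consults. Those same two facts are what an administrator would audit after the fact to catch a kext that was loaded without approval. The script below is an added example, not code from this post or from Objective-See: it parses `kextstat` output, builds an in-memory copy of the `kext_policy` table layout (the table SKEL keeps in /var/db/SystemPolicyConfiguration/KextPolicy), and reports any loaded third-party kext that has no "allowed" row. The kextstat lines, the team ID and the policy rows are constructed for the example; on a real High Sierra system you would feed it the live `kextstat` output and open the real database as root.

```python
"""Audit loaded third-party kexts against a High Sierra kext_policy table.

Added example, not code from the original post or from Objective-See.
Inputs are constructed inline so the script runs on any platform.
"""
import re
import sqlite3

# Constructed sample of `kextstat` output (not captured from a real Mac).
SAMPLE_KEXTSTAT = """\
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1   99 0xffffff7f80a00000 0x8000     0x8000     com.apple.kpi.bsd (17.0.0)
   25    0 0xffffff7f82100000 0x5000     0x5000     com.apple.driver.AppleHPET (1.8)
  140    0 0xffffff7f83500000 0x30000    0x30000    at.obdev.nke.LittleSnitch (4718)
  141    0 0xffffff7f83600000 0x10000    0x10000    com.example.unapproved.kext (1.0)
"""

# Index, Refs, Address, Size, Wired, then "bundle.id (version)".
KEXTSTAT_LINE = re.compile(
    r"^\s*\d+\s+\d+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+(\S+)\s+\((\S+)\)"
)


def parse_kextstat(text):
    """Return {bundle_id: version} for every kext listed in kextstat output."""
    loaded = {}
    for line in text.splitlines():
        m = KEXTSTAT_LINE.match(line)
        if m:
            loaded[m.group(1)] = m.group(2)
    return loaded


def build_sample_policy_db():
    """In-memory DB with the kext_policy table layout SKEL uses.

    The rows (team ID, developer name) are constructed for this example.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE kext_policy (team_id TEXT, bundle_id TEXT, allowed BOOLEAN, "
        "developer_name TEXT, flags INTEGER, PRIMARY KEY (team_id, bundle_id))"
    )
    conn.executemany(
        "INSERT INTO kext_policy VALUES (?, ?, ?, ?, ?)",
        [
            ("TEAMID0001", "at.obdev.nke.LittleSnitch", 1, "Example Developer A", 1),
            ("TEAMID0002", "com.example.denied.kext", 0, "Example Developer B", 1),
        ],
    )
    return conn


def approved_bundle_ids(conn):
    """Bundle IDs that carry an explicit 'allowed' row (user or MDM approval)."""
    rows = conn.execute("SELECT bundle_id FROM kext_policy WHERE allowed = 1")
    return {r[0] for r in rows}


def unapproved_loaded_kexts(loaded, conn):
    """Loaded third-party kexts with no 'allowed' row in kext_policy.

    Apple's own kexts (com.apple.*) never go through user approval, so they
    are skipped. Anything returned here reached the kernel without SKEL's
    approval path, which is the condition the bypass above produces.
    """
    approved = approved_bundle_ids(conn)
    return sorted(
        b for b in loaded if not b.startswith("com.apple.") and b not in approved
    )


if __name__ == "__main__":
    db = build_sample_policy_db()
    for kext in unapproved_loaded_kexts(parse_kextstat(SAMPLE_KEXTSTAT), db):
        print("loaded without approval:", kext)
```

With the constructed inputs the only finding is `com.example.unapproved.kext`; Little Snitch is loaded but has an allowed row, and the Apple kexts are exempt. Note that this is a detective check only: a kext that is loaded and then unloaded leaves no trace in `kextstat`, so the `kext_load_history` side of the same database, or a log from the load, would be needed to catch that case.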

Dumping user passwords

Here’s another nifty security problem: on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) 🍎😭 v.

OMG OMG OMG OMG OMG OMG

Copyright © 2019 diglloyd Inc, all rights reserved.