
macOS HighSierra: New Security Behavior includes a new Zero Day Exploit (kernel level compromise) and Dumping User Passwords


This seems to be a move forward in making macOS less susceptible to malware—good. See Technical Note TN2459 User-Approved Kernel Extension Loading.

...

Update: so much for “good”: there is apparently a zero day exploit that comes with this new security theater. This exploit allows taking full control of the computer; more on that below.

In macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While, I used the term “incompetent” in my post, which is too kind apparently. It should be something like “negligently incompetent”. That is, introducing a new zero day exploit that allows taking over macOS in the course of introducing a new, almost marginally useful security feature.

I don’t usually hold developers at fault, since management’s calendar-driven shipping schedule guarantees problems. But in this case I have to make an exception; having worked in security before as an engineering manager (Pretty Good Privacy, startup), our team took everything seriously. You just don’t change Stuff without going over it head to toe, and I’d bet this was rushed out like everything else. Security staff should have the competence to get it right, and the integrity to push back hard against a management willing to endanger user security by rushing out new features.

macOS High Sierra Blocks install of system extensions by default

Zero Day Exploit in macOS High Sierra

So much for “good”:

Objective See: High Sierra's 'Secure Kernel Extension Loading' is Broken › a new 'security' feature in macOS 10.13, is trivial to bypass.

In brief:

SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully.

...

While at this time I cannot release technical details of the vulnerability, here's a demo of a full SKEL bypass. As can be seen in the iTerm window below, after dumping the version of the system (High Sierra, beta 9) and showing that SIP is enabled and that the kernel extension we are aiming to load (LittleSnitch.kext) is not loaded, nor is it in the 'kext policy' database, something magic happens. In short, we exploit an implementation vulnerability in SKEL that allows us to load a new unapproved kext, fully programmatically, without any user interaction.

MPG: enjoy your new Mac with smokin' HighSierra.
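Because a SKEL bypass means a kext can end up loaded without ever being approved, a defender can compare what is actually loaded against what was approved. The following is an added example, not code from this post or from Objective-See: it parses `kextstat`-style output and flags third-party kexts missing from an approved list. The sample output, the bundle ids and the `APPROVED` set (assumed to be exported from the machine's kext policy store) are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `kextstat` (not from a real system).
KEXTSTAT_SAMPLE = """\
Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  105 0xffffff7f80a00000 0x9e000    0x9e000    com.apple.kpi.bsd (17.0.0) 11111111-1111-1111-1111-111111111111
    7    3 0xffffff7f80c00000 0x21000    0x21000    com.apple.iokit.IOPCIFamily (2.9) 22222222-2222-2222-2222-222222222222 <6 5 4 3 1>
  151    0 0xffffff7f83e00000 0x5f000    0x5f000    com.example.approved.firewall (5005) 33333333-3333-3333-3333-333333333333 <7 5 4 3 1>
  152    0 0xffffff7f83f00000 0x4000     0x4000     com.example.unknown.driver (1.0) 44444444-4444-4444-4444-444444444444 <5 4 3 1>
"""

# Hypothetical allow-list: bundle ids the user or an administrator approved.
APPROVED = {"com.example.approved.firewall"}

# index, refs, address, size, wired, bundle id, (version)
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)"
    r"\s+(0x[0-9a-fA-F]+)\s+(\S+)\s+\(([^)]*)\)"
)


def parse_kextstat(text):
    """Return one dict per loaded kext; the header line does not match ROW."""
    kexts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            kexts.append({
                "index": int(m.group(1)),
                "bundle_id": m.group(6),
                "version": m.group(7),
            })
    return kexts


def unapproved_kexts(text, approved, platform_prefix="com.apple."):
    """Loaded kexts that are neither platform kexts nor on the allow-list.

    Limitations: the prefix test trusts the bundle id string, so a real audit
    would also verify the code signature; and code already running in the
    kernel can hide itself from this listing.
    """
    return [
        k for k in parse_kextstat(text)
        if not k["bundle_id"].startswith(platform_prefix)
        and k["bundle_id"] not in approved
    ]


if __name__ == "__main__":
    for kext in unapproved_kexts(KEXTSTAT_SAMPLE, APPROVED):
        print("loaded but not approved:", kext["bundle_id"], kext["version"])
```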

Dumping user passwords

Here’s another nifty security problem: on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) 🍎😭

OMG OMG OMG OMG OMG OMG


Copyright © 2008-2017 diglloyd Inc, all rights reserved.