SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
4 Sep 2015

Critical OS X flaw grants Mac Keychain access to malware

A security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet.

The same attack has now been upgraded to infect Mac OS X machines again, even after Apple fixed the issue last month. The privilege-escalation bug had previously been used to circumvent security protections and gain full control of Mac computers.

The bug stemmed from the environment variable DYLD_PRINT_TO_FILE, which Apple added to the code of OS X 10.10 Yosemite. The vulnerability allowed attackers to install malware and adware onto a target Mac running OS X 10.10 (Yosemite) without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan beta builds as well as in the latest stable version of Mac OS X, version 10.10.5.

Mac Keychain Flaw

Now, security researchers from anti-malware firm Malwarebytes have spotted that an updated version of the same highly questionable malicious installer is accessing the user's Mac OS X keychain without the user's permission.

Once executed, the updated installer triggers a request that asks for permission to access the user's OS X keychain. The installer automatically simulates a click on the "Allow" button as soon as it appears, which allows it to gain access to the Safari Extensions List, said Malwarebytes researcher Thomas Reed. This allows the malicious installer to install a Genieo Safari extension. The entire process of installing the malicious extension and gaining access to the OS X keychain takes just a fraction of a second.

You're Totally Screwed Up

However, the more worrisome part is that the installer could easily be modified to grant attackers access to other data from the keychain, alongside passwords for the user's Gmail account, iCloud account, and other important accounts.

Meanwhile, two security researchers from Beirut independently reported the Mac Keychain vulnerability on the same day Malwarebytes researchers disclosed their findings involving Genieo. The technique works on Mac systems only when invoked by an app already installed on the user's system.

The issue is critical because the Mac keychain is supposedly the protected place for storing account passwords and cryptographic keys. Apple has yet to respond to this latest issue. Until then, Mac users are advised to follow standard security practices, such as not downloading files from unknown or untrusted sources and being wary of emails or websites that seem suspicious.

Tags:
information leaks OS X Keychain Apple
Source:
The Hacker News