Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple

Keysteal_exploit

Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related tobanking accounts.

All the datastored in the macOS Keychain app is encrypted by default, blocking other users or third-party apps from gaining access to it without proper permissions.

Thevulnerability found by Henze in Apple's macOS operating system last week is present "in the keychain's access control" and it could allow a potential attacker to steal Keychain passwords from any local user account on the Mac, without theneed of admin privileges nor the keychain master password.

According to the researcher, the zero-day he found works"as long as the keychain is unlocked (which it usually is as long as you’re logged in), except for the System keychain - containing WiFi passwords etc. - which may be locked."

Additionally, the exploit impacts all macOS...(continued)

View All Trending Stories