Apple issues two security updates for its macOS High Sierra
Apple has recently came out with a supplemental security update for its macOS High Sierra 10.13. This act of Apple is for the purpose of patching two issues, one of which fixes a keychain password issue discovered last week.
The first vulnerability, CVE-2017-7149, is an issue present in the StorageKit, and if this issue was exploited, it could possibly allow a local attacker to gain access to an encrypted APFS file.
The second one, CVE-2017-7150, is a security issue where a malicious application can extract keychain passwords.
Apple reported that if a user set a hint in Disk Utility when creating an APFS encrypted volume the password was stored in the hint, so the fix now clears hint storage if the hint was the password.
It is to be noted that the second vulnerability has allowed the applications to bypass the keychain access prompt with a synthetic click and was fixed by now requiring the user password when prompting for keychain access. This problem was identified several days ago by Patrick Wardle, chief security researcher at Synack and founder of Objective-See.
Comments ( 0 )
No comments available