New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer , it's the latest example of a threat that uses Telegram as a command-and-control C2 platform to exfiltrate data. It primarily affect...

New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

A new information-stealing malware has set its sights on Apple's macOS operating system to siphon sensitive information from compromised devices. Dubbed MacStealer, it's the latest example of a threat that uses Telegram as a command-and-control C2 platform to exfiltrate data. It primarily affects...

SUSE CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said...

Pilfered Keys: Free App Infected by Malware Steals Keychain Data

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users...

Apple puts the password on life support with passkey

The "passwordless future" is something many internet users--and a great majority of the cybersecurity industry--have hoped for. Now Apple is about to make those hopes a reality. With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its passwo...

CVE-2022-20314

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2022-20314

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2022-20314

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

Input validation

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2022-20314

CVE-2022-20314 affects Google Android KeyChain on Android-13. The issue is a spoof keychain chooser activity request caused by improper input validation in KeyChain, enabling local escalation of privilege with System execution privileges required. Exploitation requires no user interaction. The An...

CVE-2022-20314

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

PT-2022-14539 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to improper input validation in KeyChain, allowing a possible spoof keychain chooser activity request. This could lead to local escalation of privilege with System execution...

CVE-2022-20230

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2022-20230

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2022-20230

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

PT-2022-14455 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to improper input validation in the choosePrivateKeyAlias function of KeyChain.java, which could lead to local information disclosure. User interaction is...

Apple’s passkeys attempt to solve the password problem

The recent Apple Worldwide Developers Conference WWDC revealed another teasing of what has been referred to as "the end of passwords forever". Passkeys are a "new biometric sign-in standard". Biometrics in security circles are used for things like identity cards, building access, and so on. This...

GO-2022-0171 Mishandled trust preferences for root certificates on Darwin in crypto/x509

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...

Allow Citrix Secure Access app for macOS to access device certificate without asking for system credentials every time

If device certificate check has been configured on ADC, then the client app Citrix Secure Access must provide the device certificate present in the Mac’s Keychain. Since the certificate is placed in “System Keychain”, macOS might prompt for system credentials every time the user logs on. To avoid...