CVE-2017-1000097
Removed by vendor...
CVE-2017-1000097
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate...
A week in security (September 25 – October 01)
Recently, we talked about the hacking incident at Deloitte, one of the 'big four' global accounting firms. It was reported that client email addresses, usernames, and passwords were exposed. This also brought to light weaknesses in their policies and lack of threat intelligence to recover leaked...
On the macOS Keychain Attack, Signal’s New Contact Service, the Deloitte Hack, and More
Mike Mimoso and Chris Brook recap the news of the week, including the macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities. Download: ThreatpostNewsWrapSeptember292017.mp3 Music by Chris Gonsalves Show...
Fan your face for 20! Apple macOS High Sierra (10.13) again exposed to a 0day vulnerability before its release - vulnerability warning - the black bar safety net
Several hours before Apple's expected September 25 launch of macOS High Sierra (10.13), the latest version of the operating system for its desktop and notebook computers, a network security researcher posted a video on Twitter showing him in the macOS High Sierra...
Gatekeeper Alone Won’t Mitigate Apple Keychain Attack
Apple’s advice to rely on Gatekeeper as a mitigation against a Keychain attack disclosed this week by researcher Patrick Wardle doesn’t fully address the risk. Experts, Wardle included, said that while Gatekeeper is a solid measure in preventing unsigned code from executing on a macOS machine, it...
Keychain vulnerability in macOS
On Monday, Patrick Wardle, a respected security researcher at Synack and owner of Objective-See, sent a tweet about a keychain vulnerability he had found in macOS High Sierra. As his tweet showed, it is possible for a malicious app to extract, and then exfiltrate, keychain data from High Sierra,...
macOS High Sierra Available—And Vulnerable to Keychain Attack
Apple made its latest OS update available Monday, but the release of High Sierra was tainted somewhat by the fact it comes replete with a critical vulnerability that allows an attacker to dump plaintext passwords from the macOS Keychain. Researcher Patrick Wardle, chief security researcher at...
Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext
Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13—a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and n...
Dagon - Advanced Hash Manipulation
Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more. Screenshots...
Apple Safari Safari Login AutoFill Component Local Security Bypass Vulnerability
Apple Safari is a web browser developed by Apple and is the default browser that comes with Mac OS X and iOS operating systems. Safari Login AutoFill is one of the Safari Login AutoFill components. A security vulnerability exists in the Safari Login AutoFill component in Apple Safari versions prio...
Fatal vulnerability allows an attacker to bypass Apple's OTR signature verification and steal your iCloud Keychain information - vulnerability warning - the black bar safety net
Background: While analyzing the sandbox-escape attack surface of the iOS platform, we discovered a serious security vulnerability in the OTR implementation of the iCloud Keychain sync feature. The iCloud Keychain sync feature allows users, in a secure manner across devices, to...
Request KeyChain Access
github.com/docker/docker-credential-helpers requests keychain access for random keys. This is when the credential helper doesn't have a login keychain specified. It then tries to look at every registered keychain...
PT-2017-10802 · Apple +1 · Darwin +1
Name of the Vulnerable Software and Affected Versions: Darwin (affected versions not specified). Description: The issue concerns the handling of root certificates on Darwin systems. Specifically, if a user has a root certificate loaded in their Keychain that is explicitly marked as not trusted, Go...
CVE-2017-2448
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging...
CVE-2017-2385
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors...
Design/Logic Flaw
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors...
Authentication flaw
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging...