Discovered a bug in macOS High Sierra
Patrick Wardle, a former US NSA employee, discovered an error in macOS High Sierra by which an attacker could access to password protected areas.
MacOS has a system to avoid the unwanted loading of kernel extensions with which the user is asked whether or not it allows the software could access to data.
Wardle accidentally discovered this failure, which allows answering to that question automatically, and with just two lines of code, simulating a couple of clicks down, he noted that the operating system tried it as a manual approval.
Once it is done, an unauthorized user could get access to data such as contacts, location or keys stored in the operating system.
This problem has already been patched in macOS Mojave, which is currently in beta phase.
-
12/08/2018threatpost.com
-
14/08/2018hotforsecurity.bitdefender.com