Even before macOS High Sierra was made available to the general public on the App Store, a former NSA employee released on Twitter a proof of concept of a vulnerability in how the system controls access to credentials.
Through the flaw, an application without a digital signature issued by Apple can obtain user logins and passwords in plain text, without needing the user's password to decrypt them.
The video above shows the code example created by Patrick Wardle to demonstrate the vulnerability. By default, Macs currently refuse to run compiled applications that lack a digital signature generated by Apple (this behavior can be changed in System Preferences), but the problem may also exist in earlier versions of macOS.
In a statement to CNET on the matter, Apple reiterated that users can rely on Gatekeeper to block malicious applications based on this proof of concept, but did not say when the problem will be definitively fixed.
· • ·
However, this is not the only problem involving a risk of password leakage found in High Sierra. Our reader Matheus Mariano sent us a video showing how a bug in Disk Utility can expose the passwords used to encrypt APFS partitions when installing the system.
According to Matheus, when a new encrypted APFS partition is created and High Sierra is installed on it, the password used to protect the partition is stored in plain text and is visible externally as the password hint. This problem was noted during the test versions of the operating system, but apparently has not been fixed.
Two years ago, we covered a firmware vulnerability in computers with Thunderbolt ports (including PCs) that also made it possible to completely replace the factory EFI firmware of Macs and MacBooks with another. An attack at this level (which became known as “Thunderstrike”) would survive reformatting the system, leaving vulnerable computers permanently compromised.
Since then, Apple has produced a fix for newer machines and distributed it to older equipment as part of macOS upgrades. However, researchers from Duo Security surveyed a sample of more than 70,000 Macs and found that some of them had not received the latest EFI version distributed by their manufacturer.
In some cases, the discrepancies are absurd. For example, 43% of the 21.5-inch iMacs released in late 2015 that were analyzed had not received the fixes for the Thunderstrike vulnerability. In addition, the researchers identified 16 combinations of hardware and operating system that received no EFI patches between macOS versions 10.10 and 10.12.6.
Apple also issued a statement to several news outlets on the topic, saying it is aware of the survey and is working to fix firmware issues affecting Macs. As part of that effort, there is a new firmware validation tool, already in operation in High Sierra.
via Forbes, 9to5Mac