New macOS Security Bug Unlocks App Store With Any Password

-

New macOS Security Bug Unlocks App Store With Any Password


Back at the tail end of November, Apple had to rush out an emergency security patch after news of a serious security flaw surfaced in macOS High Sierra. That bug allowed users to log into a system by typing “root” for a login, then hitting enter for a login attempt several times in a row. Now there’s a new bug; it isn’t as much of a risk as that one, but it’s still a significant issue.
The bug appears limited to High Sierra (Sierra isn’t affected), and has been verified by Macrumors as existing in 10.13.2, the latest version of the operating system. Macrumors states that it cannot reproduce the error on the beta versions of macOS 10.13.3, suggesting it’ll be fixed in an upcoming release. Nevertheless, it remains active for now.

Reproducing the bug is fairly simple and involves the following steps, as laid out by eholtam, who found the bug:
1) Log in as a local admin
2) Open App Store Pref pane from the System Preferences
3) Lock the padlock if it is already unlocked
4) Click the lock to unlock it
5) Enter any bogus password


The expected behavior, obviously, is that the login attempt will fail. The actual behavior is that the login and unlock attempt works perfectly. The bug only works when you’re logged into an administrative account, but it’s another example of how Apple seems to have dropped the ball on setting user policies and permissions properly. While not nearly as risky as the earlier login bug, Apple clearly didn’t perform some due diligence testing it needed to engage in. Being able to change preferences in the App Store allows you to change the schedules for app updates, system updates, and security updates. Flipping those settings could be used in conjunction with another attack to ensure a system wasn’t patched to close a security hole, though local access or at least administrator access from a remote location are required.

The optics of the situation are worse, given that Apple specifically declared it would revisit its practices to prevent a reoccurrence. Back in late November, the company wrote: “We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Clearly that audit isn’t quite finished yet. There’s no current workaround to this issue, so the only real option is to wait for Apple to provide a solution.
Source:- Extreme Tech

Comments

Post a Comment

Popular posts from this blog

Web Hacking with Burp Suite - Part II

-
Image
 Web Hacking with Burp Suite -II In previous blog i discussed about ghe basic of Brup Suite, Now we are going to discuesss breifly  Lets start..... Burp Suite Overview: Burp Suite has a large array of features, including but not limited to: Interception Proxy:  Designed to give the user control over requests sent to the server. Repeater:  The ability to rapidly repeat/modify specific requests. Intruder:  Feature that allows automation of custom attacks/payloads Decoder:  Decode and encode strings to various formats (URL, Base64, HTML, etc.) Comparer:  Can highlight differences between requests/responses Extender:  API to extend Burps functionality, with many free extensions available via the BApp store. Spider and Discover Content feature:  Crawls links on a web application, and the discover content can be used to dynamically enumerate unlinked content. Scanner (Pro Only):  Automated scanner that checks for web appl...
Read more

Ghost Phisher - Phishing & Penetration Attacks

-
Image
Ghost Phisher - Phishing & Penetration Attacks Ghost Phisher   is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attacks Features : ºHTTP Server ºInbuilt RFC 1035 DNS Server ºInbuilt RFC 2131 DHCP Server ºWebpage Hosting and Credential Logger (Phishing) ºWifi Access point Emulator ºSession Hijacking (Passive and Ethernet Modes) ºARP Cache Poisoning (MITM and DOS Attacks) ºPenetration using Metasploit Bindings ºAutomatic credential logging using SQlite Database ºUpdate Support Operating System Supported Software runs on any Linux machine with the programs prerequisites, Prerequisites The Program requires the following to run properly: The following dependencies can be insta...
Read more

How to hack CCTV camera 🎥

-
Image
 How to hack CCTV camera 🎥 Step 1 : Downloading Angry IP Scanner Angry IP scanner   that is generally used by network administrators for port scanning and detecting for the suspicious activity.It is available on all the major OS. First Download and install the Angry IP scanner. Step 2 : Knowing your IP address range It is very important to know your public IP for accomplishing our target.CCTV cameras are connected to our broadband internet connection.If you are using a broadband connection then you can know your public IP by just going to   Google   or  Bing  and typing in the search box “My IP” .It will show your public IP. Here 103.26.218.207 is my public IP .So the IP range will be 103.26.218.1 to 103.26.218.255 Step 3 : Configuring Angry IP scanner Now you have to open   Angry IP Scanner . Go to Tools > Preferences > Ports | include ports 80,8080,23 in Port choice tab  It will filte...
Read more