CYBER NEWS

macOS Bug Exposes Passwords in Plain Text Using a Terminal Command

Another vulnerability in macOS has been discovered, exposing the passwords used for encrypted APFS external drives in plain text. The bug is present in macOS 10.13.1, and according to mac4n6, the researcher who found it, it's still there in macOS 10.13.3. The bug is also quite trivial to exploit, simply by using a Terminal command. However, in the latter case the flaw can be noticed when encrypting an existing unencrypted APFS drive, the researcher explains.

Related Story: 15-Year-Old MacOS Bug in IOHIDFamily Leads to Full System Compromise

macOS Bug Exposes in Plain Text Passwords for Encrypted APFS External Drives

What is Apple doing to address this issue? There isn't any information on how Apple is treating this bug. This leaves us in the dark, not knowing whether it was fixed in the newest versions of macOS. However, the bug is most likely not triggered the same way as it was in the older build of the operating system.

According to mac4n6:

The newfs_apfs command can take a passphrase as a parameter using the mostly undocumented “-S” flag. It is not documented in the man page. However when run without parameters, it will show it.

I tried to recreate this scenario on my current system running 10.13.3 but was unable to do so therefore I believe this bug has been addressed. I was however able to recreate it on a 10.13 system (the image screenshot above is from a 10.13.1 system.) I have not tried it on a 10.13.2 system as I do not have one easily available.

Apparently, after some more testing was done by two other researchers, it appears that the bug has also been fixed in 10.13.2.

Related Story: Apple Patch Fixes Critical Vulnerability in High Sierra (CVE-2017-7149)

CVE-2017-7149 Bug Shared Similar APFS Scenario

Just in October last year, researcher Matheus Mariano came across a critical bug that was affecting the High Sierra operating system, specifically the APFS volume management system. The researcher came across the bug while he was interacting with a new encrypted volume in an APFS container.

He opted to create a password together with the hint. When the new container was mounted and the password prompt activated, the password was revealed in the hint field. During the investigation it has been revealed that the issue affects only Mac computers and laptops equipped with SSD drives.

Milena Dimitrova
