/>
X

Apple fixes two High Sierra password bugs

It's the first update for the new Mac operating system since it was released last month.
zack-whittaker-hs2016-rtsquare-1.jpg
Written by Zack Whittaker, Writer-editor on

(Image: CNET/CBS Interactive)

Apple has fixed two vulnerabilities in its Mac operating system that put passwords at risk of theft by hackers.

The company released the security fix Thursday, an Apple spokesperson told ZDNet.

Synack's Patrick Wardle, who was credited with finding one of the now-fixed vulnerabilities, revealed a password-stealing bug just hours before High Sierra was released.

The bug let an attacker grab and steal every password in plain text using a malicious, unsigned app downloaded from the internet -- without needing the user's master Keychain password.

Apple fixed the bug by requiring users to enter their password before unlocking their Keychain.

Thursday's security update also fixed another security vulnerability affecting encrypted volumes using Apple's new file system, APFS, in which the volume's password was stored as the password hint and could be revealed in plain text.

Apple acknowledged Matheus Mariano for finding the bug.

Related

Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some
A middle aged man in casual attire sat at his computer desk speaking to colleagues via a split-screen video chat application

Remote working vs back to the office: Benefits are clear, but there could be trouble ahead for some

Professional Development
This stuff is better than compressed air for cleaning your dirty tech
img-6864

This stuff is better than compressed air for cleaning your dirty tech

Office Hardware & Appliances