This topic created in 3135 days ago, the information mentioned may be changed or developed.
Patrick Wardle, Synack ’ s head of research, posted a video on Monday that shows how code he wrote can be used to get passwords from macOS ’ s Keychain. Keychain is the password manger built into macOS, and it usually requires a master password to access it. But Wardle ’ s code was able to access Keychain and collect passwords.
 |
1
0xcb Sep 26, 2017 via Android
之前版本都可以的啊,只要你授权管理员帐户,dump keychain 简单的很
|
 |
3
bkmi Sep 26, 2017 via Android
按理说这应该是个大新闻,但是竟然没人关注的,神奇神奇
|
 |
6
tairan2006 Sep 26, 2017
…这个很严重啊,还升什么级。。
|
 |
7
usedname Sep 26, 2017
这个 bug 没人关注?
|
 |
8
BearD01001 Sep 26, 2017
持续关注...
|
 |
9
NVDA Sep 26, 2017
看到了,原作者说给 Apple 发邮件了但是没有回应,我也好奇这明明就是个大新闻为什么没人发...
|
 |
10
wuhao930301 Sep 26, 2017
手动关注。为什么 Beta 版的时候没曝出来,是正式版才有的 bug 么
|
 |
11
Chingim OP @wuhao930301 小人之心地不负责任地推断, 这漏洞估计早就发现了, 就等苹果发布正式版吧
|
 |
12
onevcat Sep 26, 2017
https://twitter.com/patrickwardle/status/912254053849079808
这个吧?看起来是一直就有的吧,作者也说“ other versions of macOS are vulnerable too ” 只有 unsign app 能干这事儿,没签名或者签名不对的 app 别用就是了.. |
 |
13
warking Sep 26, 2017
Correction: The exploit affects other macOS versions too, including the latest High Sierra, but is not specific to the latter only. Apple has actually fixed a number of critical security flaws with macOS 10.13 making it an important update.
http://wccftech.com/macos-high-sierra-hackers-steal-passwords/ |
Select Language