•   
  •   

Tech & Science Yet Another Password Vulnerability Has Been Found In macOS High Sierra

14:30  11 january  2018
14:30  11 january  2018 Source:   gizmodo.com.au

Intel reveals chip design flaw that could have allowed hackers to access hidden info

  Intel reveals chip design flaw that could have allowed hackers to access hidden info Hardware and software manufacturers including Apple and Microsoft began pushing out patches that protected against attacks making use of the flaw. The flaw, which Intel dubbed a side-channel analysis attack,  was discovered "months ago" Intel CEO Brian Krzanich said on CNBC Wednesday. The discovery was made by researchers at Google's Project Zero security group, which reported it to the affected companies. The vulnerabilities undermine some of the most fundamental security constraints employed by modern computers, said Craig Young, a researcher at computer security company Tripwire.

For the third time in recent months, big problems have been discovered with macOS High Sierra . Two months later, software developer Lemi Orhan Ergin realized that gaining root access to High Sierra machines was essentially as easy as inputting the username “root,” no password required.

Yet another password vulnerability has been uncovered in macOS High Sierra , which unlocks App Store System Preferences with any password (or no password at all). A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to

a screenshot of a cell phone© Provided by Business Insider Australia

For the third time in recent months, big problems have been discovered with macOS High Sierra.

In September, a security researcher named Patrick Wardle discovered an exploit to snag plaintext passwords from Keychain. Two months later, software developer Lemi Orhan Ergin realised that gaining root access to High Sierra machines was essentially as easy as inputting the username "root", no password required. And now, Macrumors reports, a gaping hole has been found that could affect a Mac user's security.

A bug report on Open Radar from earlier this week - affecting version 10.13.2 - allows any user to change the App Store system preferences without a real password, in five steps or fewer:

Apple Says All Macs, IPhones, IPads Exposed to Chip Flaw

  Apple Says All Macs, IPhones, IPads Exposed to Chip Flaw Apple Inc. said all Mac computers and iOS devices, like iPhones and iPads, are affected by chip security flaws unearthed this week, but the company stressed there are no known exploits impacting users. The Cupertino, California-based company said recent software updates for iPads, iPhones, iPod touches, Mac desktops and laptops, and the Apple TV set-top-box mitigate one of the vulnerabilities known as Meltdown. The Apple Watch, which runs a derivative of the iPhone’s operating system is not affected, according to the company.

A newly discovered macOS High Sierra flaw is potentially leaving your personal data at risk. In the vulnerability he found , someone with physical access to a macOS machine can access and Users who have configured their system to use the Name and password login window are also vulnerable .

And now, Macrumors reports, a gaping hole has been found that could affect a Mac user’s security. A bug report on Open Radar from earlier this week—affecting version 10.13.2—allows any user to change the App Store system preferences without a real password , in five steps or fewer

1) Log in as a local admin

2) Open App Store Prefpane from the System Preferences

3) Lock the padlock if it is already unlocked

4) Click the lock to unlock it

New Android Malware Variant Is Stealing Uber Passwords

  New Android Malware Variant Is Stealing Uber Passwords Security researchers have identified a new variant of Android malware that is stealing Uber passwords.The malware is a new variation on Android.Fakeapp, a common malware targeting Android devices. Previous versions of the attack have aimed to steal credit card numbers and other personal information, but the latest variant is specifically targeting Uber users.

For the third time in recent months, big problems have been discovered with macOS High Sierra . Is it as serious a vulnerability as gaining root access? Of course not. But the purpose of a password 2017 was a grim year for Apple, as bugs, vulnerabilities and public gaffes piled up against the

For the third time in recent months, big problems have been discovered with macOS High Sierra . Is it as serious a vulnerability as gaining root access? Of course not. But the purpose of a password field is to deny entry to those without it—a basic feature of modern computing.

5) Enter any bogus password

If a machines is already unlocked, someone with malicious intent could easily turn off "automatically check for updates", leaving a machine's current bugs unpatched. Is it as serious a vulnerability as gaining root access? Of course not. But the purpose of a password field is to deny entry to those without it - a basic feature of modern computing. Fortunately, according to Macrumors' tests, the issue appears to be resolved in the forthcoming 10.13.3 update - which you wouldn't be alerted to if automatic updates are turned off.

2017 was a grim year for Apple, as bugs, vulnerabilities and public gaffes piled up against the company that built its image on slick, highly designed products. Hopefully the App Store settings exploit isn't an indicator of what's to come.

In the midst of complex hacking operations, here are simple tips to improve your cybersecurity .
In the tech realm, a new year brings new gadgets — and new worries about cybersecurity as more and more security breaches are revealed.  The most recent scare, called Spectre or Meltdown, involves vulnerabilities to processing chips that date back to 1995, resulting in billions of devices that are susceptible to intrusion, says Jason Koebler, editor-in-chief of the online publication Motherboard.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!