on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) vid: player.vimeo.com/video/235313957 #smh
other versions of macOS are vulnerable too. Not sure what is thinking
Oh, I used it on the remote machine to listen/accept the exfil'd keychain from the High Sierra box.
you do know processes with administrative rights can pretty much do anything with the system, amirite?
even with r00t on macOS, things like SIP, 'secure kernel ext loading', entitlement requirements, etc. cannot be bypassed (w/o exploits)
Apple disallows programmatic interactions with system dialogs (i.e. 'security' dumping *passwords*). So yah, 10.13 thwarts that old attack
Does this also open up other keychains? That is, user-created ones as opposed to the "default" one used by OSX?
only tested on login (default) keychain - but I could also maybe see it working on others as well
my understanding is, a patch will be forthcoming ...not sure when though