这是一个创建于 2397 天前的主题,其中的信息可能已经有所发展或是发生改变。
Patrick Wardle, Synack ’ s head of research, posted a video on Monday that shows how code he wrote can be used to get passwords from macOS ’ s Keychain. Keychain is the password manger built into macOS, and it usually requires a master password to access it. But Wardle ’ s code was able to access Keychain and collect passwords.
 |
1
0xcb 2017-09-26 08:43:07 +08:00 via Android
之前版本都可以的啊,只要你授权管理员帐户,dump keychain 简单的很
|
 |
3
bkmi 2017-09-26 11:04:02 +08:00 via Android
按理说这应该是个大新闻,但是竟然没人关注的,神奇神奇
|
 |
6
tairan2006 2017-09-26 11:19:50 +08:00
…这个很严重啊,还升什么级。。
|
 |
7
usedname 2017-09-26 11:34:44 +08:00
这个 bug 没人关注?
|
 |
8
BearD01001 2017-09-26 11:55:47 +08:00
持续关注...
|
 |
9
Mirage09 2017-09-26 11:59:34 +08:00
看到了,原作者说给 Apple 发邮件了但是没有回应,我也好奇这明明就是个大新闻为什么没人发...
|
 |
10
wuhao930301 2017-09-26 11:59:57 +08:00
手动关注。为什么 Beta 版的时候没曝出来,是正式版才有的 bug 么
|
 |
11
Chingim OP @wuhao930301 小人之心地不负责任地推断, 这漏洞估计早就发现了, 就等苹果发布正式版吧
|
 |
12
onevcat 2017-09-26 12:05:44 +08:00
https://twitter.com/patrickwardle/status/912254053849079808
这个吧?看起来是一直就有的吧,作者也说“ other versions of macOS are vulnerable too ” 只有 unsign app 能干这事儿,没签名或者签名不对的 app 别用就是了.. |
 |
13
warking 2017-09-26 17:11:24 +08:00
Correction: The exploit affects other macOS versions too, including the latest High Sierra, but is not specific to the latter only. Apple has actually fixed a number of critical security flaws with macOS 10.13 making it an important update.
http://wccftech.com/macos-high-sierra-hackers-steal-passwords/ |
Select Language