0-day flaw in macOS High Sierra lets hackers dump all passwords from keychain

Apple prides itself on the airtight security offered by its family of products, including the Mac operating system, macOS. But while considerably less targeted by hackers, macOS is still vulnerable to attacks – especially when a bad actor comes at it with an exploit that takes advantage of a zero-day vulnerability.

Ex-NSA hacker Patrick Wardle demonstrated just that at the Def Con conference in Vegas, when he showed that macOS High Sierra (the current version of Apple”s Mac operating system) is vulnerable to attacks involving “synthetic clicks.”

macOS is rich in Accessibility features, and one of these abilities is the nifty trick of making mouse-clicks without actually touching the mouse – everything happens in the software. Wardle found that an unpatched 0-day flaw can be exploited to virtually click objects and gain access to password protected areas. In fact, he found a way to dump all passwords from the keychain and bypass 3rd-party security tools.

“Via a single click, countless security mechanisms may be completely bypassed,” says Wardle. “Run untrusted app? click …allowed. Authorize keychain access? click …allowed. Load 3rd-party kernel extension? click …allowed. Authorize outgoing network connection? click …allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such clicks can be synthetically generated and interact with such prompts in a completely invisible way?”

See his presentation slides here for the full scoop. Apple has reportedly patched the bug in its upcoming macOS Mojave, which is currently in beta.