In macOS Sierra 10.12.2 an important vulnerability has been solved -


Post Top Ad

Post Top Ad

Tuesday, 20 December 2016

In macOS Sierra 10.12.2 an important vulnerability has been solved

Sierra macOS update last week 10.12.2 solved several bugs and has patched some newly discovered vulnerabilities, including one that allowed an attacker to obtain your password FileVault disk encryption connecting a Thunderbolt device on a Mac or blocked State of suspension.

As detailed by security researcher, Ulf Frisk, attackers must have physical access to your Mac to exploit the vulnerability. The password you get can be used to free the disk from your Mac and access everything in it.

The security researcher points out two macOS issues that made this type of attack possible.

First, macOS is not protected against direct memory access (DMA) attacks before it starts. This is because the Extensible Firmware Interface (EFI) works when you turn on your Mac and is used to allow Thunderbolt devices to read and write memory before macOS starts.

"Right now, MacOS has not yet begun , " says Frisk. "MacOS resides on the encrypted disk, which must be unlocked before it can be started. Once macOS starts the DMA protections are enabled by default. "

And second, macOS stores the FileVault password in text in multiple memory locations. Although the password "shifts" between restarts, it was still stored in a fixed memory range.

Also, macOS does not clear the password from the memory once the disk has been unlocked.

Given this, an attacker with physical access to your Mac could have access to your data relatively easily, in case the computer is in a state of sleep (sleep).

If your Mac goes down, it is not vulnerable. If you are "sleeping," however, the team is still vulnerable. The attack was not tested on the latest Mac models with USB-C. To ensure your Mac, just install the update macOS Sierra 10.12.2.

No comments:

Post a Comment

Post Top Ad