Mac OS X flaw reveals passwords

Author: Gareth Halfacree
Published: 29th February 2008
Comments (12) Stumble
Jobs: "No, it's a feature. Honest. It's insanely great. You'll never forget your passwords again."

Jobs: "No, it's a feature. Honest. It's insanely great. You'll never forget your passwords again."

A San Francisco-based programmer and Apple fan has uncovered a rather serious flaw in OS X which can allow a cracker to grab a plain-text copy of the password for the currently logged in account.

Apple has confirmed the bug, although is downplaying the severity due to the requirement for physical access to the machine – so far, no-one has discovered a way to exploit the bug remotely. Despite this, discoverer Jacob Applebaum – and isn't that an ironic name – describes the issue as a “real problem and it needs to be fixed.

The flaw is a result of poor handling of the unlocking process: when a password is requested by the system, it is used to unlock the keychain file containing all the saved passwords for wireless networks, SSH connections, and the like; however, instead of ditching the password as soon as the unlocking operation is complete OS X keeps it hanging around in RAM until the user logs out.

This means that if an attacker is able to dump a copy of the memory, he can simply search through the file for your passphrase.

There's no particular reason why the passphrase should be kept in RAM after the operation has finished, and plenty of reasons to get rid as soon as is possible. Quite why Apple has chosen not to isn't exactly clear, and the company isn't being forthcoming with details. When asked about the vulnerability, spokesman Anuj Nayar told CNet that the company was “aware of this locally exploitable vulnerability” and would be issuing a fix in the near future.

Anybody with a background in computer security will be able to tell you the number one rule in infosec: once the attacker has physical access, it's game over. Even so, it shouldn't be quite as easy as this to grab every password a user has ever saved.

Any Mac users guarding their systems with their lives after reading this, or is Applebaum making a fuss over nothing? Give us your opinion over in the forums.
Quote cjoyce1980 29th February 2008, 09:04
If this was a Microsoft flaw it would be front page news, but as its apple its no biggie.

I sure now that this bug is known there will be malware/spyware coders trying to exploit this, I would
Quote Leitchy 29th February 2008, 09:22
There playing it down because you need physical access to the mac itself. Not a problem then move on.... :/
Quote Paradigm Shifter 29th February 2008, 11:13
Yes, but now that it's public, it's a race between Apple to fix the hole and malware developers to come up with a way to exploit it remotely...
Quote Bluephoenix 29th February 2008, 13:17
pretty serious flaw, and at least apple has said something rather than taking their "we don't discuss things like this, we pretend they don't exist" position.

on the subject of macs in general:

http://i255.photobucket.com/albums/hh151/bluephoenix54/1203282313749.jpg
Quote r4tch3t 29th February 2008, 21:41
lol nice pic.
Then again there is that hack for access to an encrypted hard disk and the computer only needs to be logged in, regardless if its locked or not. But again physical access is the key.
Quote johnmustrule 1st March 2008, 04:08
well today's news was interesting... guess I'll busy my self with a couple video games on my windows machine.... Wuhahaha!
Quote nakchak 1st March 2008, 18:51
0wn a mac:

get pleb to download a p2p client

use p2p client as host for malware, do a memory scan for the data, return memory scan as a header during file transfer

at attackers end log all received info, ip passwords etc.
use a script to SSH back to the box with root access

voila your Pwned!!! and spamming at an ungodly rate


seriously hope apple get 0wned, cus they are no better if not worse than m$ when it comes to issuing fixes
nm the fact it will shut the fan boys up in lala land, about macs being inherintly secure, there not its just more profitable to go after the majority than the minorities
Quote Da Dego 1st March 2008, 23:25
Umm, I guess I'm confused - with physical access to a windows machine, you can reboot in linux and get every password in plain text. Why is it that when it's mac, physical access is suddenly unimportant and we should burn Steve-o in effigy?

Physical access to a logged in system == insecure. Period. That goes for Windows, Mac, and Nix. Honestly now, must we turn this to a mac/windows debate?
Quote Fozzy 2nd March 2008, 05:24
Here's a scenario for you.

You bring your laptop to work and leave it unattended while you take a coffee break. 15 minutes would be just enough time for an employee to access your passwords. What does this mean? Oh nothing, unless you've recently been to paypal, ebay, online stores, did your taxes (SSN), hotmail...the list goes on and on for what any theif clever enough to hack the mac in the first place would be looking for.
Quote Amon 2nd March 2008, 05:48
Quote:
Originally Posted by Da Dego
Physical access to a logged in system == insecure. Period.
Pretty much what I had in mind, as well.
Quote rhuitron 2nd March 2008, 09:00
HA!!!!

The fish dies by it's own mouth!

Like other have said, If this was Windows, here. We'd all be shitting our pants.
I'd like to quote something that Apple Phag's ALWAYS SAY!
"We don't get viruses or Malware!"
But you do now!

What happened to superiority of the apple brand???

Jobs: "No, it's a feature. Honest. It's insanely great. You'll never forget your passwords again."
^ loving that!
Quote Matticus 2nd March 2008, 22:46
Its right that if you get physical access to a PC no matter what OS is running, your basically in, but the physically access may be only in a limited window, i.e. people going out to lunch or coffee break. So not really that much time to work your magic, atleast not if you dont work well under pressure.

But say they leave it logged in for 2 minutes while they are out of the room you have got enough time to get thier password and then come back at your leisure to get whatever information you want.

Its right that if this was microsoft it would be all over the place, maybe not just on computer related websites, but because its apple its played down, when in all honesty its pretty serious.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.





Stats: 0.119 seconds