Last week, I reported on a vulnerability that allowed a threat actor to access a user’s Keychain in the newly released macOS High Sierra, as well as some older versions of Apple’s desktop and notebook operating system. Earlier today, Apple issued a system update to remedy this flaw.
The flaw, discovered by Synack’s chief security researcher Patrick Wardle, allows an unauthorised party to exfiltrate passwords from the Keychain by bypassing a kernel extension called Secure Kernel Extension Loading (SKEL). SKEL is meant to stop bad guys from loading rootkits and other malware but can be easily bypassed.
Wardle revealed the flaw to Apple, as an ethical disclosure, holding back details from the public domain so the vulnerability could not be exploited by hackers.
The update is available through the App Store by going to the Updates section. Alternatively, you can visit Apple’s support site and get your hands on the update from there. It’s being listed as a supplemental update, and not given a new version number by the looks of things. I wonder if that’s a subtle way of trying to get us to diminish the importance of this update.
Apple has chosen to immediately update High Sierra, but older versions of its software haven’t yet seen the same fix come through.