Apple released macOS 10.12.2 last week; the new version of the operating system fixes a variety of problems reported by users. Separately, Apple also fixed a security vulnerability in macOS 10.12.1 that allowed a Mac's password to be extracted over Thunderbolt.
In macOS 10.12.1, a Mac's password could be extracted with a 300-dollar Thunderbolt device, even when the Mac was locked. The video below shows the whole procedure on macOS 10.12.1; Apple has blocked it in macOS 10.12.2, so it is no longer possible.
Apple learned of this vulnerability back in August of this year and asked the researcher who discovered it not to disclose details about its exploitation. He complied with Apple's request, so the vulnerability has been fixed in macOS 10.12.2 and no hacker can use it to gain access to the data on any Mac.
Below is an explanation of the problem reported to Apple, but you can rest assured that it no longer exists in macOS 10.12.2.
“The first issue is that the Mac does not protect itself against Direct Memory Access (DMA) attacks before macOS is started. EFI which is running at this early stage enables Thunderbolt allowing malicious devices to read and write memory. At this stage macOS is not yet started. macOS resides on the encrypted disk – which must be unlocked before it can be started. Once macOS is started it will enable DMA protections by default. The second issue is that the FileVault password is stored in clear text in memory and that it’s not automatically scrubbed from memory once the disk is unlocked. The password is put in multiple memory locations – which all seem to move around between reboots, but within a fixed memory range.”