AntoineVincentJebara
Latest
Mac keychain flaw can send your passwords to hackers via text
Two developers have discovered a Mac Keychain vulnerability that hackers can easily exploit to steal passwords, certificates, et cetera with very little user interaction needed. Antoine Vincent Jebara and Raja Rahbani stumbled upon the flaw while working on the Keychain for their identity management software Myki. They found out that attackers can craft commands that can make Mac's password management system prompt users to click an "Allow button" instead of asking them to type in their passwords. Once a user clicks that button, the malicious code can forward Keychain's contents via text, though the info could also be saved somewhere for download later on.