“Patches expected to be issued as soon as possible”
Apple released a new macOS operating system today, dubbed High Sierra. But already a serious weakness has been found lurking within, a security researcher has claimed, allowing a hacker to steal passwords from Apple Macs running the new OS.
Patrick Wardle, ex-NSA analyst and now head of research at security firm Synack, found the problem Monday, warning that it could allow anyone able to run malicious code on a Mac to pilfer passwords from the keychain. With his “keychainStealer” app, the researcher’s hack forced the keychain to disclose Facebook, Twitter and Bank of America passwords.
— Synack (@synack) September 25, 2017
“First malware sample to contain an exploit for the flaw”
For the first time, threat actors have added the Dirty Cow Android exploit to malware designed to compromise devices running on the mobile platform. On Monday, researchers from Trend Micro said the vulnerability, traced as CVE-2016-5195, has been discovered in a malware sample of ZNIU, detected as AndroidOS_ZNIU.
“Billions of dollars processed per year through apps”
IOActive has discovered severe security issues with today’s most popular stock trading applications, but it appears that the developers behind the apps are not interested. On Tuesday, the security firm released the results of research into 21 popular mobile stock trading applications available on iOS and Android, which have millions of users worldwide and process billions of dollars in transactions per year.
Exploiting these vulnerabilities can not only lead to the leak of user data, but can allow threat actors to trade a user’s stocks, steal their funds, and spy on their net worth and investment strategies, which could then be used to conduct additional fraudulent trading.
— IOActive, Inc (@IOActive) September 27, 2017
Enjoy your read? Check out our other content here.