Tuesday, September 26, 2017

MacOS Password Stealing Vulnerability - Not as Bad as They Say

It's all over the news! A zero day MacOS security vulnerability that allows a hacker to be able to steal your password. This headline has made it's way across my news feeds on Facebook and Twitter. Before you start to panic though, let's get the first thing straight. If you have left Gatekeeper turned on, then you are not in any danger of your passwords being stolen. The application the hacker used to grab the passwords was installed on his Mac, and if Gatekeeper was still on, it never could have happened. So, let's prepare ourselves.

  1. Verify Gatekeeper is still turned on
    1. Go to System Settings
    2. Security and Privacy
    3. General
    4. Verify Gatekeeper is set to Mac App Store and identified developers
  2. Be sure to not install apps from unidentified sources
    1. You will be presented with a dialog like the one below asking if you are sure you want to install an application from an unidentified developer. 
    2. If you DO NOT know this developer and trust the application you are installing, hit Cancel.  When it doubt, live without the application.

So there you have my opinion. This vulnerability is just a hype to get headlines. Enjoy your day and be safe out there.

Source: http://thehackernews.com/2017/09/macos-high-sierra-keychain.html