Apple Fixes Password-Related Bugs in iOS and Mac OS


Two separate flaws give away user passwords.

Apple is usually reliable for security and privacy, but every once in a while, things slip by. Two serious and separate vulnerabilities that can give away passwords were discovered in iOS and Mac OS. Apple has patched both security holes.

An iOS vulnerability was discovered by Davut Hari, a patent attorney from Turkey. It’s just a silly mistake. Saved passwords are not shown in plain text; they are masked as ****. That’s one line of defense. However, Apple also provides accessibility features, so if accessibility is enabled and you select the password and click the “Voice” option, the iOS device reads the password aloud. Anyone in earshot can hear the password.

Apple released an update on December 12 and admitted that a “nearby user may be able to overhear spoken passwords.” The update disabled speaking of passwords.

A security hole in Mac OS allows attackers to plug a Thunderbolt device into any Mac OS device and siphon passwords even if the device is locked.

Security researcher Ulf Frisk, who found the vulnerability, wrote on his blog, “Mac OS FileVault2 let attackers with physical access retrieve the password in clear text by plugging a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it.”

Apple patched the hole with the Mac OS Sierra 10.12.2 update. If you are one of those users who ignore updates on your system, please change that habit and start installing updates as soon as they are available.

12/21/2016
