Researchers Reveal macOS Vulnerability Exposing System Passwords

Researchers Reveal macOS Vulnerability Exposing System Passwords

A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified as CVE-2024-54471, which was patched in the latest security updates for macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1.

This vulnerability could potentially expose system passwords, emphasizing the importance of updating macOS devices to the latest versions.

Background and Technical Details

The vulnerability exploits inter-process communication (IPC) mechanisms in macOS, specifically leveraging the Mach kernel’s messaging system.

macOS Vulnerability
the credentials are stored in the macOS keychain

The Mach kernel, a hybrid of BSD and Mach components, is central to Apple’s operating systems.

According to the Report, it uses abstractions like tasks, threads, ports, and messages to manage IPC.

Ports, which are communication channels, are crucial for tasks to exchange data securely.

However, if not properly secured, these mechanisms can be exploited.

The Mach Interface Generator (MIG) plays a significant role in this vulnerability.

MIG simplifies the creation of interfaces for sending and receiving Mach messages but lacks native security measures.

This means that any task with a send right to a MIG server can potentially call its routines without verification.

The lack of sender verification in MIG servers poses a significant security risk if not properly addressed.

Exploitation and Patching

The vulnerability was exploited through the NetAuthAgent daemon, which handles credentials for file servers.

Before the patch, an attacker could send a message to NetAuthAgent to obtain credentials for any server.

This exploit highlights the importance of securing IPC mechanisms and ensuring that all tasks verify the authenticity of messages they receive.

The patch for this vulnerability was included in the recent macOS updates, emphasizing the need for users to keep their systems up-to-date to protect against such exploits.

The use of tools like the ipsw CLI can help identify potential vulnerabilities by locating binaries that use specific symbols associated with MIG servers.

However, without proper security measures, these mechanisms remain susceptible to exploitation.

The revelation of this vulnerability underscores the ongoing challenges in securing complex operating systems like macOS.

It also highlights the importance of regular updates and robust security practices to protect user data and system integrity.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free


Source link