Your Security Is the Best Reason to Get macOS 10.12.2

While some MacBook Pro owners claim macOS 10.12.2 improves battery life, there's a more important reason to update to the latest version of Apple's computer operating system: protecting your passwords. That's because a Swedish hacker made a device that steals passwords off a Mac just by connecting a cable -- unless the latest update is installed.

The PCILeech connected to a MacBook Air. Image: Ulf Frisk

Swedish hacker Ulf Frisk demonstrated his trick in a blog post yesterday (Dec. 15). By simply connecting a device running his PCILeech software to a MacBook Air's Thunderbolt port, then forcing a reboot, you can gain the system's password in less than 30 seconds. With that password comes access to FileVault, the encryption software that protects the hard drive, so you're essentially handing over even a well-protected Mac.

Frisk says Apple's latest patches, released Wednesday (Dec. 14), will secure your Mac from this attack. To install the update, click the Apple icon in the top left corner of your screen, select App Store and click Updates.
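
For anyone looking after more than one Mac, the update advice above can be checked in bulk. The following script is an added example, not part of the original article or of Frisk's code: it flags any macOS version below 10.12.2, comparing version fields numerically. The host names, the "host version" inventory format and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Macs that still lack the 10.12.2 update.
MIN_VERSION="10.12.2"   # release the article says blocks the attack

# version_ge A B: return 0 if A >= B, 1 if A < B, 2 if either is malformed.
# Fields are compared as numbers, so 10.12.10 > 10.12.2 and 10.9.5 < 10.12.2.
version_ge() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # reject non-version input
        esac
    done
    left=$1 right=$2 n=0
    while [ "$n" -lt 3 ]; do
        l=${left%%.*}; r=${right%%.*}
        if [ "$l" -gt "$r" ]; then return 0; fi
        if [ "$l" -lt "$r" ]; then return 1; fi
        # Drop the field just compared; a missing field counts as 0.
        case "$left" in *.*) left=${left#*.} ;; *) left=0 ;; esac
        case "$right" in *.*) right=${right#*.} ;; *) right=0 ;; esac
        n=$((n + 1))
    done
    return 0
}

# audit_inventory: read "host version" lines on stdin, print one verdict each.
audit_inventory() {
    while read -r host ver rest; do
        [ -n "$host" ] || continue
        rc=0
        version_ge "$ver" "$MIN_VERSION" || rc=$?
        case "$rc" in
            0) echo "OK $host $ver" ;;
            1) echo "UPDATE $host $ver" ;;
            *) echo "UNKNOWN $host $ver" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts).
printf '%s\n' 'design-mbp 10.12.1' 'lab-air 10.12.2' 'old-imac 10.9.5' |
    audit_inventory

# On a Mac, also check the local machine; sw_vers ships with macOS.
if command -v sw_vers >/dev/null 2>&1; then
    echo "$(hostname) $(sw_vers -productVersion)" | audit_inventory
fi
```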

How were Macs vulnerable to this attack before macOS 10.12.2? Apple left two vulnerabilities open until now. The first was that the system didn't protect its memory from direct access (known as Direct Memory Access) before the OS boots up completely. The second was that the system stored passwords kept in FileVault in unencrypted plain text, which made those character strings easy to steal during the boot sequence.

If you're curious about how long it takes to patch leaks such as these, Frisk discovered the issue near the end of July of this year, and then presented and released an earlier version of the technology at the DEF CON 24 hacker conference Aug. 5, without singling out Macs as vulnerable. (The same attack method also works on 64-bit Windows and Linux.)

Frisk formally notified Apple of the vulnerability Aug. 15, and the company privately responded to him Aug. 16. However, it took until December 13 for Apple to release the security update as a part of macOS 10.12.2. Two days later, Frisk updated the PCILeech code to simplify the Mac attack.

Author Bio
Henry T. Casey
After graduating from Bard College with a B.A. in Literature, Henry T. Casey worked in publishing and product development at Rizzoli and The Metropolitan Museum of Art, respectively. Henry joined Tom's Guide and LAPTOP having written for The Content Strategist, Tech Radar and Patek Philippe International Magazine. He divides his free time between going to live concerts, listening to too many podcasts, and mastering his cold brew coffee process. Content rules everything around him.
1 comment
  • Robert Says:

    I'd add that his software easily finds alphanumeric passwords; it's more difficult to locate passwords with special characters in them. I'm hoping Apple will store whatever needs to be stored for FileVault in the new TouchID computers in the secure enclave, which should keep it safe from any peripheral.