{"id":355,"date":"2018-08-16T12:28:12","date_gmt":"2018-08-16T17:28:12","guid":{"rendered":"https:\/\/www.uv.mx\/csirt\/?p=355"},"modified":"2018-08-16T12:28:12","modified_gmt":"2018-08-16T17:28:12","slug":"vulnerabilidad-zero-day-en-macos-high-sierra","status":"publish","type":"post","link":"https:\/\/www.uv.mx\/csirt\/boletines\/vulnerabilidad-zero-day-en-macos-high-sierra\/","title":{"rendered":"Vulnerabilidad Zero-Day en macOS High Sierra"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-356\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/vulnerabilidad-high-sierra-300x103.jpg\" alt=\"\" width=\"600\" height=\"206\" srcset=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/vulnerabilidad-high-sierra-300x103.jpg 300w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/vulnerabilidad-high-sierra-768x264.jpg 768w, https:\/\/www.uv.mx\/csirt\/files\/2018\/08\/vulnerabilidad-high-sierra.jpg 930w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>16\/08\/2018<\/p>\n<p><strong>Bolet\u00edn de seguridad inform\u00e1tica<\/strong><\/p>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-297\" src=\"https:\/\/www.uv.mx\/csirt\/files\/2018\/06\/importante.jpg\" alt=\"\" width=\"121\" height=\"27\" \/>\u00a0<\/strong><\/p>\n<p><strong>Descripci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>El investigador y director de <strong>Digital Security<\/strong> Patrick Wardle ha descubierto una vulnerabilidad Zero-Day que permite a un atacante imitar los clics del rat\u00f3n sobre un aviso de seguridad que le permite cargar una extensi\u00f3n del kernel para acceder al n\u00facleo del sistema operativo macOS. Este descubrimiento\u00a0fue presentando en DEFCON, en su presentaci\u00f3n el investigador explica que\u00a0este fallo solo afecta a High Sierra debido a la carga de la extension del kernel asistida por el usuario<em> (User Assisted Kernel Extension Loading)<\/em> caracter\u00edstica\u00a0implementada en actualizaciones previas.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Recursos:<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<ul>\n<li>macOS High Sierra<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Soluci\u00f3n:<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Hasta el momento Apple no ha publicado soluci\u00f3n alguna de esta vulnerabilidad.<\/p>\n<p>&nbsp;<\/p>\n<p>Para mas informaci\u00f3n<\/p>\n<p><a href=\"https:\/\/securityaffairs.co\/wordpress\/75293\/hacking\/synthetic-mouse-click-attack.html\">https:\/\/securityaffairs.co\/wordpress\/75293\/hacking\/synthetic-mouse-click-attack.html<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Ante cualquier duda o aclaraci\u00f3n comun\u00edcate con el CSIRTUV a las extensiones 11505, 11532 y 11564 o al correo contactocsirt@uv.mx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>16\/08\/2018 Bolet\u00edn de seguridad inform\u00e1tica \u00a0 Descripci\u00f3n: &nbsp; El investigador y director de Digital Security Patrick Wardle ha descubierto una vulnerabilidad Zero-Day que permite a un atacante imitar los clics del rat\u00f3n sobre un aviso de seguridad que le permite cargar una extensi\u00f3n del kernel para acceder al n\u00facleo del sistema operativo macOS. Este descubrimiento\u00a0fue [&hellip;]<\/p>\n","protected":false},"author":2037,"featured_media":356,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ventana_nueva":"","tipo_url":"","url":"","extracto":"","imagen_halign":"","imagen_valign":"","bg_size":"","text_hide":"","media_url":"","tipo_media":"","video_url":"","video_pos":"","video_youtube":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-boletines"],"_links":{"self":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/users\/2037"}],"replies":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/comments?post=355"}],"version-history":[{"count":0,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/posts\/355\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media\/356"}],"wp:attachment":[{"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/media?parent=355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/categories?post=355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.uv.mx\/csirt\/wp-json\/wp\/v2\/tags?post=355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}