Little Blob & The Cloud Empire Mac OS

If you follow the infosec twitterverse or have been keeping an eye on macOS news sites, you’ve likely seen a tweet (with accompanying video) from Patrick Wardle (@patrickwardle) that purports to demonstrate dumping and exfiltration of something called the “keychain” without an associated privilege escalation prompt. Patrick also has a more in-depth Q&A blog post about the vulnerability.

User manuals for Little Navmap and Little Navconnect in all formats and languages. Map Legend GitHub Little Navmap Project and Sources. Version 2.6 Features. Little Navmap is a free open source flight planner, navigation tool, moving map, airport search and airport information system. Little Blob.otf. Little Blob is a funny and playful handwritten font full of joy! Use it to add a whimsical feel to any design creation.

Let’s pull back a bit to provide sufficient background on why you should be concerned.

What is the macOS Keychain?

Without going into fine-grained detail, the macOS Keychain is a secure password management system developed by Apple. It’s been around a while (back when capital letters ruled the day in “Mac OS”) and can hold virtually anything. It’s used to store website passwords, network share credentials, passphrases for wireless networks, and encrypted disk images; you can even use it to store notes securely.

A more “TL;DR” version of that is “The macOS Keychain likely has the passwords to all your email, social media, banking and other websites—as well as for local network shares and your WiFi.”

Most users access Keychain data through applications, but you can use the Keychain Access GUI utility to add, change, or delete entries. Here’s a sample dialog containing credentials for a fake application called (unimaginatively enough) “forexample”:

The password is not displayed by default. You need tick the “Show
password:” box and a prompt will appear:

Enter your system password and you’ll see the password:

Little Blob & The Cloud Empire Mac Os 11

That’s a central part of the Keychain — you provide authority for
accessing Keychain elements, even to the application that maintains the secrets for you.

Apple has also provided command-line access to work with the keychain via the security command. Here’s what the listing looks like for this example:

Again, the secret data is not visible.

Mac

As you may have surmised, Apple also provides programmatic access to the Keychain.

iOS, tvOS (etc) all use a similar keychain for storing secrets.

Before we jump into the news from September 25th, 2017, let’s fire up Apple’s Time Machine and go back about four years…

A (Very) Brief History of Keyjacking

Rapid7’s own Erran Carey put
together a proof-of-concept for “keyjacking” your Keychain a little over four years ago.

If you run:

You’ll get prompted to unlock the keychain:

which will enable the Ruby script to decrypt all the secrets.

There’s another related, older vulnerability that involved using a bit more AppleScript to trick the system into allowing unfettered access to Keychain data (that vulnerability no
longer exists).

So, What’s Different Now?

Patrick’s video shows him running an unsigned application that was
downloaded from a remote source. The usual macOS prompts come up to warn you that running said apps is a bad idea and when you enable execution a dialog come up with a button. The user in the video (presumably Patrick) presses said button and some time passes, then a file with a full, cleartext export of the entire Keychain is scrolled through.

As indicated, many bad things had to happen before the secrets were revealed:

  • the Security System Preferences had to be modified to allow you to run unsigned third-party apps on your system

  • you had to download a program from some site or load/run it from USB (et al) drive

  • you had to say “OK” one more time to Apple’s warning that what you are about to do is a bad idea

Sure, registered/signed apps could perform the same malicious function,
but that’s less likely since Apple can tie the signed app to the
developer (or developer’s system) that created it.

What Can I Do?

It looks like this vulnerability has been around for a while. macOS Sierra and the just-released High Sierra are both vulnerable to this attack; El Capitan is also reported to be vulnerable.

Since you’re likely running El Capitan or Sierra, upgrading to High Sierra isn’t going to put you further at risk. In fact, High Sierra includes security patches and additional security features that make it worth the upgrade. Bottom line: don’t let this vulnerability alone prevent you from upgrading to High Sierra if you’re on El Capitan or Sierra. However, you might want to consider a completely fresh install versus an upgrade. Why? Read on!

macOS “power users” will not like the following advice, but you should consider performing a fresh install of High Sierra and starting from a completely fresh system, then migrating signed applications and data over. It’s the next bit that really hurts, though. Don’t install any unsigned third-party apps or any apps via MacPorts or Homebrew until Apple patches the vulnerability.Why? Well, there’s a chance Patrick is not the only one who found this vulnerability, and attackers may try to work up their own exploits before Apple has a chance to release a fix. In fact, they may already have (which is one reason we suggested not just doing an upgrade).

And, Apple is working on a fix — Patrick responsibly informed them — but there was no time to bake it in beforethis week’s official release. Using any unsigned third-party code could put your secrets at risk. You should also be wary of running signed code that you download outside the Mac App Store. Apple’s gatekeeping is not perfect, but it’s better than the total absence of gatekeeping that comes with downloads from uncontrolled websites.

Rapid7 researchers will be monitoring for other proof-of-concept (PoC) code that exploits this vulnerability (Patrick did not release his PoC code into the wild) and will be waiting and watching for Apple’s first macOS patch release — they released 10.13.1 betas to developers today — to fix this critical issue. Keep watching the Rapid7 blog for updates!

Little Blob & The Cloud Empire Mac Os Download

Banner photo by Travis Wise • Used with permission (CC BY 2.0)

Alex’ Projects ► Little Navmap

Little Blob & The Cloud Empire Mac Os X

Links

Little Blob & The Cloud Empire Mac Os Catalina

Version 2.6 Features

  • Little Navmap is a free open source flight planner, navigation tool, moving map, airportsearch and airport information system.
  • Supported platforms: Windows 7/8/10, macOS (10.12 or newer only) and Linux (64 bit only).
  • Supported Flight Simulators: All FSX versions from SP2 up, Flight Simulator - Steam Edition,Prepar3D v2, v3, v4, v5, Microsoft Flight Simulator 2020 and X-Plane 11.
  • Comes with the following user interface languages: Brazilian Portuguese, Chinese (draft), Dutch (draft), English, French, German and Italian(Spanish and Dutch are based on older Little Navmap versions).
  • All is based on flight simulator stock or add-on data, no third party data needed. All stock andadd-on airports are loaded in a few minutes.
  • Navigation data can be updated from Navigraph. A cycle 1801 databasecourtesy of navigraph is included in the download and includes navaids, airways, airspaces and procedures.
  • Navigation database updates by fsAerodata and FSX/P3D Navaidsupdate are supported. Support for X-Plane navdata updatesand user defined waypoints.
  • Can read airspaces in OpenAir format from any directory which can be chosen by the user. Navigraph,Simulator, User or Online airspaces can be selected for display.
  • Uses X-Plane stock and updated navdata for approach, SID and STAR procedures includingtransitions.
  • It features a detail rich navigation map that partially uses symbols from real VFR maps thustransporting a large amount of information. Multiple offline maps, online map themes(OpenStreetMap, OpenTopoMap and more) and two map projections areavailable. Several map themes provide hill shading as well as display of the sun shadow on the globe.
  • Quick modifier mouse clicks in map allow fast actions.E.g. Ctrl+Click to start measurement or Shift+Click to place range rings.
  • The map shows user and AI aircraft as well as ships, airports, airport maps (runwaydetails, overrun areas, displaced thresholds, taxiways and more), VOR, VORTAC, TACAN, NDB, ILS,waypoints, airways, airspaces, approach and departure procedures, airport weather symbols andminimum off-route altitude grid. Plenty of information is available in tooltips or information windowsfor each map object.
  • Flight plans and flight plan fragments can be loaded, saved and merged all using the commonFlight Simulator PLN files as well as X-Plane FMS format version 3 and 11, FSC and FLP files.
  • Flight plans can be exported to the Reality XP GNS 530W/430W V2, the Reality XP GTN 750/650 Touch andthe Flight1 GTN 650/750.
  • More export formats are GPX (GPS Exchange Format, including flown track), PMDG RTE, FLP, X-PlaneFMS 3 and 11, Majestic Dash FPR and many more. FS9 PLN and FSC plans can be imported.
  • Drag and drop flight plan editing functionality on the map allows to easily create and editplans.
  • Several fast automatic flight plan calculation modes are available to create plans followingairways or simply from radio navaid to radio navaid within a split second. No online service isneeded for flight plan calculation.
  • Option to calculate flight plan fragments between any two waypoints of a present flight plan.
  • Flight plan route descriptions can be read which allows to convert flight plans from and to ATSroute descriptions which can be retrieved from the various online services likeRouteFinder or SkyVector. This includesSIDs, STARs and information for cruise speed and altitude.
  • Aircraft performance, fuel planning top of climb and top of descent calculation considering aircraft performance,winds aloft and altitude restrictions in procedures is available and can be automatically collected in background while flying.
  • A zoom and scrollable elevation profile window shows the ground elevation along the flight planincluding the minimum safe altitude for the whole plan or each segment as well as procedure altitude restrictions.
  • The map and flight plans including all related information at departure and destination can be printed.
  • A fast airport and navaid search allows to look for objects by an unimaginable amount ofoptions also featuring a spatial search to find nearest airports.
  • Information windows display numerous details about airports, runways, COM frequencies,approach and departure procedures, navaids, the user aircraft, AI or multiplayer aircraft as wellas ships, decoded weather from multiple sources like X-Plane, AS16, Active Sky Next, Active Skyfor Prepare3D v4, NOAA, VATSIM and IVAO. Sunrise and sunset for airports is shown in information as wellas bearing and distance to user aircraft.
  • The map display and the measurement units (nautical, metric, imperial) can be customized by theuser.
  • User interface and map display can be further customized by changing configuration files and SVG icons.
  • All settings, search parameters, current flight plan, map positions and much more are savedbetween sessions.
  • Little Navmap can connect directly to the flight simulator, the Little Xpconnect X-Planeplugin and can also be run stand-alone or in networked configuration.
  • Complete functionality for user defined waypoints. Add, edit (also bulk-edit), delete, search, move and display.Allows to create custom categories and icons. Import and export of CSV, X-Plane and Garmin files.
  • Little Navmap comes with its own logbook allowing to automatically record, search and edit logbook entries.
  • Can display IVAO, VATSIM, PilotEdge and custom online networks centers and clients on map, tooltips and information windows.
  • Compass rose for map or user aircraft showing heading, track and distances.
  • Customizable airport traffic patterns can be shown for any airport.
  • Can display customizable holdings at any place on the map.
  • An automatic reconnect option makes the start order of programs irrelevant. Running anetworked setup needs the included Little Navconnect program which easessetup across two or more computers.
  • The program does not consume a lot of resources and can be run on low end computers.
  • Little Navmap features its own internal web server which allows to follow aircraft progress from any device.
  • User interface styles (also Night) can be changed on the fly without restart.
  • Help is available online (can be downloaded as PDF, ePub or Mobi). A PDF file with thecomplete manual is included with the program. Help buttons in dialogs link to corresponding onlinehelp chapter.
  • The program can check for updates on three different channels (stable, beta and develop) andwill show a notification if a new version is available. Configurable in options dialog.