January 4, 2017 by

Fake Software Updates Can Lead To Stolen Keychains On Apple Products


Recently there has been a small uptick in fake software updates, in particular for Adobe Flash Player. These have especially been seen targeting MacBooks and other Apple products in order to steal their keychains. This kind of attack can compromise all passwords that were ever saved on all the devices tied to that Apple ID.

Adobe Flash Player is used to deliver high-quality web content and animation for viewing and streaming both video and audio. It is hard to find computers and web browsers that don’t have Flash Player installed. Because it is so common, many people are used to receiving what seems like almost constant update alerts. These updates are usually released to fix the security vulnerabilities that are found within Flash Player. Hackers have taken advantage of this to create fake updates that deliver malware.

The type of malware that is commonly seen now on Macs focuses on gaining access to the keychain. The keychain is a password management system which stores all passwords for applications, servers, and websites. It can also store sensitive information such as credit card numbers and PINs for bank accounts. If you choose to use the Keychain, passwords are made accessible on all devices sharing the Apple ID.

In the unfortunate event that your information is compromised via this method, you will have to reset all of your passwords that were stored on the keychain. On top of this, you will also need to ensure that you have removed the attacker’s access after resetting your passwords, so they are no longer able to maintain access via active sessions. If your PIN or other personal information was stored in the keychain and stolen, you will also need to notify your bank and any related financial institutions to prevent or stop further financial losses. In addition, you need to ensure that any other personal information, such as social security numbers, is safe, potentially by using identity theft monitoring. In the worst-case scenario, the attacker has gained control of the computer and changed your passwords. If this is the case, you should contact Apple as well as a cybersecurity company in the event you need assistance in remediating this problem.

A good security posture can help protect you from this type of compromise. Be sure to never click on links you do not recognize, never connect to strange wireless networks or ones that do not have passwords, and lastly, remember that if something looks out of place, it is most likely a scam.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
