After losing power and the clock resetting, an attacker with the password will not be locked out

Originator: chilvman
Number: rdar://23973869
Date Originated: 21/12/2015
Status: Open
Resolved:
Product: OSX
Product Version: 10.10.5
Classification:
Reproducible: Always

Summary:
When the system clock reverts to Jan 1st, 1970, all HTTPS communication fails until the clock is restored. An attacker could use a proxy to prevent the clock updating, thus the files on the hard drive are vulnerable indefinitely.

Steps to Reproduce:
1. Disable "Set date and time automatically" 
2. Set up Find my Mac
3. Allow the battery to run out to the point where the system clock reverts to 1970
4. Lock the Mac with a passcode using iCloud.com
5. Charge the Mac and power it on

Expected Results:
The Mac should be locked with a passcode.

Actual Results:
The Mac is not locked.

Version:
10.10.5
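
The failure described in this report, modelled as an added example (not part of the original report and not Apple's code): with the clock at 1970 the server certificate is not yet valid, so a pending lock command is never fetched, and a client that reads "no answer" as "no lock" stays unlocked. The certificate dates, `CLOCK_FLOOR`, and the functions `fetch_lock_command`, `naive_status` and `careful_status` are hypothetical, and that the real client works this way is an assumption.

```python
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)  # clock value after the reset
# Constructed sample values (assumptions, not taken from the report):
NOT_BEFORE = datetime(2015, 6, 1, tzinfo=timezone.utc)   # server cert validity start
NOT_AFTER = datetime(2017, 6, 1, tzinfo=timezone.utc)    # server cert validity end
CLOCK_FLOOR = datetime(2015, 8, 1, tzinfo=timezone.utc)  # e.g. OS build date


def cert_time_valid(now):
    """Validity-window check a TLS client applies to the server certificate."""
    return NOT_BEFORE <= now <= NOT_AFTER


def fetch_lock_command(now, pending_on_server):
    """Hypothetical poll of the lock service over HTTPS.

    Returns None when the handshake is rejected, otherwise whether a lock is pending.
    """
    if not cert_time_valid(now):
        return None
    return pending_on_server


def naive_status(now, pending_on_server):
    """Treats 'no answer' as 'no lock', which is the outcome the report observed."""
    return "locked" if fetch_lock_command(now, pending_on_server) else "unlocked"


def careful_status(now, pending_on_server):
    """Keeps 'no answer' distinct and flags a clock that cannot be correct."""
    command = fetch_lock_command(now, pending_on_server)
    if command is None:
        return "unknown-clock-implausible" if now < CLOCK_FLOOR else "unknown-unreachable"
    return "locked" if command else "unlocked"


if __name__ == "__main__":
    report_date = datetime(2015, 12, 21, tzinfo=timezone.utc)
    for label, now in (("1970 clock", EPOCH), ("correct clock", report_date)):
        print(label, naive_status(now, True), careful_status(now, True))
```

A clock earlier than the build date of the installed OS is a cheap signal that lock state cannot currently be confirmed, independent of whether the network is reachable.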
