• Home
  • Laptops
  • Laptops News
  • macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals Passwords: Report

macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals Passwords: Report

Share on Facebook Tweet Share Reddit Comment
macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals Passwords: Report
Highlights

Apple released the macOS High Sierra update on Monday

The update is affected by a security vulnerability, said a researcher

Usernames and passwords can be stolen from Keychain, a report says

Apple's public release of the macOS High Sierra update for Mac owners has been tainted with a report by a security researcher that claims it has a serious vulnerability. Director of Research at security firm Synack and ex-NSA analyst Patrick Wardle on Monday said macOS High Sierra contains a major security flaw that can potentially allow hackers to steal user credentials from accounts stored in Keychain.

Wardle said the macOS High Sierra flaw can allow hackers to steal usernames and passwords from accounts stored in Keychain. He told Forbes that the unsigned apps on macOS High Sierra can access the information from Keychain and even show the plaintext usernames and passwords without the need of user's master password.

 

 

Wardle has even shared a video where we can see the exploit in action, showing how a 'keychainStealer' app he created could expose user credentials. He tells ZDNet the exploit could be masked in a regular app or even be sent in an email. The researcher added that he had reported the bug to Apple in September, however the patch wasn't a part of the global release on Monday.

"As a passionate Mac user, I'm continually disappointed in the security of macOS," he told ZDNet. "I don't mean that to be taken personally by anybody at Apple - but every time I look at macOS the wrong way something falls over. I felt that users should be aware of the risks that are out there I'm sure sophisticated attackers have similar capabilities... Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable," he opined.

Apple in a statement to CNET, Apple had this to say about Wardle's claim:"MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Gadgets 360 Staff The resident bot. If you email me, a human will respond. More
Android 8.0 Oreo Reportedly Causing Settings App to Crash on Pixel Devices
Oppo F3 Diwali Limited Edition With Dual Selfie Cameras Launched in India: Price, Specifications
 
 

Advertisement

 

Advertisement