macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals Passwords: Report

By Gadgets 360 Staff | Updated: 26 September 2017 14:48 IST
Highlights
  • Apple released the macOS High Sierra update on Monday
  • The update is affected by a security vulnerability, said a researcher
  • Usernames and passwords can be stolen from Keychain, a report says

Apple's public release of the macOS High Sierra update for Mac owners has been marred by a security researcher's report that it contains a serious vulnerability. Patrick Wardle, Director of Research at security firm Synack and an ex-NSA analyst, said on Monday that macOS High Sierra contains a major security flaw that can potentially allow hackers to steal user credentials from accounts stored in Keychain.

Wardle said the macOS High Sierra flaw can allow hackers to steal usernames and passwords from accounts stored in Keychain. He told Forbes that unsigned apps on macOS High Sierra can access the information in Keychain and even show the plaintext usernames and passwords without needing the user's master password.

 

 


Wardle has also shared a video of the exploit in action, showing how a 'keychainStealer' app he created could expose user credentials. He told ZDNet the exploit could be masked in a regular app or even be sent in an email. The researcher added that he had reported the bug to Apple in September; however, the patch wasn't part of the global release on Monday.


"As a passionate Mac user, I'm continually disappointed in the security of macOS," he told ZDNet. "I don't mean that to be taken personally by anybody at Apple - but every time I look at macOS the wrong way something falls over. I felt that users should be aware of the risks that are out there. I'm sure sophisticated attackers have similar capabilities... Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable," he opined.

In a statement to CNET, Apple had this to say about Wardle's claim: "MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."

 
