macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals Passwords: Report

Advertisement
By Gadgets 360 Staff | Updated: 26 September 2017 14:48 IST
Highlights
  • Apple released the macOS High Sierra update on Monday
  • The update is affected by a security vulnerability, said a researcher
  • Usernames and passwords can be stolen from Keychain, a report says

Apple's public release of the macOS High Sierra update for Mac owners has been tainted with a report by a security researcher that claims it has a serious vulnerability. Director of Research at security firm Synack and ex-NSA analyst Patrick Wardle on Monday said macOS High Sierra contains a major security flaw that can potentially allow hackers to steal user credentials from accounts stored in Keychain.

Wardle said the macOS High Sierra flaw can allow hackers to steal usernames and passwords from accounts stored in Keychain. He told Forbes that the unsigned apps on macOS High Sierra can access the information from Keychain and even show the plaintext usernames and passwords without the need of user's master password.

Advertisement

 

 

Wardle has even shared a video where we can see the exploit in action, showing how a 'keychainStealer' app he created could expose user credentials. He tells ZDNet the exploit could be masked in a regular app or even be sent in an email. The researcher added that he had reported the bug to Apple in September, however the patch wasn't a part of the global release on Monday.

"As a passionate Mac user, I'm continually disappointed in the security of macOS," he told ZDNet. "I don't mean that to be taken personally by anybody at Apple - but every time I look at macOS the wrong way something falls over. I felt that users should be aware of the risks that are out there I'm sure sophisticated attackers have similar capabilities... Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable," he opined.

Apple in a statement to CNET, Apple had this to say about Wardle's claim:"MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  2. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  3. Xiaomi 18 Pro Max Prototype Leaked With Dual 200MP Cameras, 100W Charging
  4. Everything We Know About the Nothing Phone 4b
  5. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  6. iPhone 18 May Receive RAM Boost to Handle Apple Intelligence Better
  1. Xiaomi 18 Pro Max Camera, Display, Battery Details Tipped; May Get 8,500mAh Battery, 200-Megapixel Cameras
  2. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  3. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  5. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  6. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  7. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  8. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  9. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  10. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.