macOS High Sierra Ships With Vulnerability That Could Allow Unsigned Apps to Steal Keychain Logins in Plaintext

Apple’s new Mac operating system, macOS High Sierra, shipped with a vulnerability that allows apps to steal Keychain passwords in plaintext. Thankfully, it requires users to intentionally override macOS’s built-in security.

Synack research director Patrick Wardle was able to use the security hole to grab login information for a number of websites, including logins for Facebook and Bank of America. Wardle told Forbes the exploit doesn’t require root access and works as long as the user is logged in.

Exploiting the vulnerability does require that users download, install and run a malicious app, deliberately overriding macOS security settings, a step that would include a warning about trusting unsigned software.

Wardle says other versions of macOS are also vulnerable to the exploit.

macOS High Sierra was released to the public on Monday, following a lengthy beta testing period. It isn’t clear whether Apple knew of the vulnerability, or if it is working on a fix.
