Report: Security hole in macOS Keychain puts passwords at risk
“);});try{$(“div.lazyload_blox_ad”).lazyLoadAd({threshold:0,forceLoad:false,onLoad:false,onComplete:false,timeout:1500,debug:false,xray:false});}catch(exception){console.log(“error loading lazyload_ad “+exception);}});
Apple released macOS High Sierra on Monday, so it should be a nice way to spotlight the Mac this week after last week’s iOS 11 and iPhone 8 releases. But a report by a security researcher at Synack puts a bit of a damper on the High Sierra release.
Patrick Wardle, Synack’s head of research, posted a video on Monday that shows how code he wrote can be used to get passwords from macOS’s Keychain. Keychain is the password manger built into macOS, and it usually requires a master password to access it. But Wardle’s code was able to access Keychain and collect passwords. The video below is a demonstration posted by Wardle.
Wardle has not publicized the exploit he used, so it’s probably not being put to use by nefarious people or groups. Still, as a matter of standard practice, do not download or install software that raises your suspicion. Stick with trusted sources. If you haven’t upgraded to High Sierra, you might consider holding off until Apple releases an update.
We’ve reached out to Apple for comment and will update this article appropriately.