The new macOS High Sierra software update is now available for the Mac. According to security researcher Patrick Wardle, there appears to be a serious vulnerability in the OS.
The security flaw apparently lets hackers have access to Keychain information and it can display plaintext passwords and usernames without the need for the master password.
on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭 vid: https://t.co/36M2TcLUAn #smh pic.twitter.com/pqtpjZsSnq
— patrick wardle (@patrickwardle) September 25, 2017
The video below shows how this works, although the actual vulnerability has not been revealed, so Apple should be able to fix it before any damage is done.
As yet there is no word from Apple on when this flaw will be fixed, as soon as we get some more details, we will let you guys know.
Understanding the Vulnerability
The vulnerability in macOS High Sierra is particularly concerning because it allows unsigned applications to access the Keychain without requiring the master password. The Keychain is a critical component of macOS, designed to store and protect sensitive information such as passwords, certificates, and private keys. By exploiting this flaw, malicious actors can potentially gain access to a user’s most sensitive data, including login credentials for various services and applications.
Patrick Wardle, a well-known security researcher, demonstrated this vulnerability through a video, which shows how an unsigned app can programmatically dump and exfiltrate Keychain data. This means that even if users are cautious about the apps they install, they could still be at risk if an app they trust is compromised or if they inadvertently install a malicious app.
Potential Impact and Mitigation
The potential impact of this vulnerability is significant. If exploited, it could lead to unauthorized access to personal and corporate accounts, identity theft, and other forms of cybercrime. For businesses, the stakes are even higher, as compromised credentials could lead to data breaches, financial losses, and damage to reputation.
To mitigate the risk, users are advised to be vigilant about the apps they install and to avoid downloading software from untrusted sources. Additionally, keeping the operating system and all applications up to date is crucial, as software updates often include security patches that address known vulnerabilities.
Apple has a strong track record of responding to security issues promptly, and it is expected that they will release a patch to fix this vulnerability soon. In the meantime, users can take additional precautions by using third-party security tools that offer enhanced protection for their Keychain data.
Source Patrick Wardle, MacRumors
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
