macOS High Sierra Update Contains Keychain Security Vulnerability That Reveals s: Report l263j

macOS High Sierra update for Mac owners has been tainted with a report by a security researcher that claims it has a serious vulnerability. Director of Research at security firm Synack and ex-NSA analyst Patrick Wardle on Monday said macOS High Sierra contains a major security flaw that can potentially allow hackers to steal credentials from s stored in Keychain. 1l4i4r

Wardle said the macOS High Sierra flaw can allow hackers to steal names and s from s stored in Keychain. He told Forbes that the unsigned apps on macOS High Sierra can access the information from Keychain and even show the plaintext names and s without the need of 's master .

on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext s)🍎🙈😭 vid: https://t.co/36M2TcLUAn #smh pic.twitter.com/pqtpjZsSnq

— patrick wardle (@patrickwardle) September 25, 2017

Wardle has even shared a video where we can see the exploit in action, showing how a 'keychainStealer' app he created could expose credentials. He tells ZDNet the exploit could be masked in a regular app or even be sent in an email. The researcher added that he had reported the bug to Apple in September, however the patch wasn't a part of the global release on Monday.

"As a ionate Mac , I'm continually disappointed in the security of macOS," he told ZDNet. "I don't mean that to be taken personally by anybody at Apple - but every time I look at macOS the wrong way something falls over. I felt that s should be aware of the risks that are out there I'm sure sophisticated attackers have similar capabilities... Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac s are overconfident and thus more vulnerable," he opined.

Apple in a statement to CNET, Apple had this to say about Wardle's claim:"MacOS is designed to be secure by default, and Gatekeeper warns s against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage s to software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."