macOS Keychain vulnerability — what you need to know!A Keychain vulnerability has been discovered in macOS. Here's what you need to know.
Just as macOS High Sierra, security researcher Patrick Wardle tweeted a previously undisclosed (zero day) vulnerability in Keychain, Apple's secure credential repository. The vulnerability potentially affects a wide range of macOS versions.
on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭 vid:
https://t.co/36M2TcLUAn #smh pic.twitter.com/pqtpjZsSnq— patrick wardle (@patrickwardle) September 25, 2017
Wardle is saying that he could put a malicious app on someone's Mac and then use that app to get around Keychain's security and pull out usernames and passwords programmatically.
That means Wardle, or someone using the same exploit, would have to use a phishing attack or some form of social engineering to get the malicious app onto your Mac, then use that malicious app to go after your Keychain.
It's a bad bug...
Source:
macOS Keychain vulnerability — what you need to know!
