Report: Security hole in macOS Keychain puts passwords at risk

A security researcher has found an exploit in the Mac's Keychain.

Apple released macOS High Sierra on Monday, so it should be a nice way to spotlight the Mac this week after last week’s iOS 11 and iPhone 8 releases. But a report by a security researcher at Synack puts a bit of a damper on the High Sierra release.

Patrick Wardle, Synack’s head of research, posted a video on Monday that shows how code he wrote can be used to get passwords from macOS’s Keychain. Keychain is the password manger built into macOS, and it usually requires a master password to access it. But Wardle’s code was able to access Keychain and collect passwords. The video below is a demonstration posted by Wardle.

Steal y0 (macOS) Keychain from patrick wardle on Vimeo.

Wardle has not publicized the exploit he used, so it’s probably not being put to use by nefarious people or groups. Still, as a matter of standard practice, do not download or install software that raises your suspicion. Stick with trusted sources. If you haven’t upgraded to High Sierra, you might consider holding off until Apple releases an update.

We’ve reached out to Apple for comment and will update this article appropriately.

Join the newsletter!

Error: Please check your email address.

Tags macOS High Sierra

More about AppleSierra

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Roman Loyola

Latest Videos

More videos

Blog Posts