WATCH: MacOS High Sierra may put passwords at risk
Apple recently launched macOS High Sierra, the latest update to its Mac operating system, but a vulnerability has been discovered that may put a user’s collection of passwords at risk.
MacOS uses the Keychain feature to keep track of passwords used on computers. The vulnerability allows attackers to copy all the passwords stored in the Keychain and save them in plain text. It was discovered by Patrick Wardle, a former National Security Agency hacker and now chief security researcher at Synack, reports ZDNet.
The exploit can be activated through a disguised app. Wardle demonstrated this in a video by creating an app called keychainStealer to extract all the passwords from Keychain.
“Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable,” said Wardle in the report.
He also said the issue was already reported to Apple prior to the launch of High Sierra. Apart from High Sierra, older versions of macOS were also vulnerable to the exploit.
Apple released this statement in response: “MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that MacOS presents.”
The company has yet to announce when a patch will be available. Alfred Bayle/JB