Close  

WATCH: MacOS High Sierra may put passwords at risk

/ 04:09 PM September 27, 2017

Image: Apple official website

Apple recently launched the new macOS High Sierra, the latest update to its Mac operating system. But a vulnerability was discovered, which may put a user’s collection of passwords at risk.

MacOS uses the Keychain feature to keep track of passwords used on computers. The vulnerability allows attackers to copy all the passwords logged on the Keychain and save them in plain text. This was discovered by former National Security Agency hacker and present-chief security researcher at Synack, Patrick Wardle, reports ZDNet.

ADVERTISEMENT

The exploit can be activated through a disguised app. Wardle demonstrated this on a video by creating an app called keychainStealer to extract all the passwords from Keychain.

“Apple marketing has done a great job convincing people that macOS is secure, and I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable,” said Wardle in the report.

FEATURED STORIES

He also said the issue was already reported to Apple prior to the launch of High Sierra. Apart from High Sierra, older versions of macOS were also vulnerable to the exploit.

Apple released this statement in response: “MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that MacOS presents.”

The company has yet to announce when a patch will be available. Alfred Bayle/JB

RELATED STORIES:

Google acquires talents from HTC mobile

WATCH: Techies show how to buy a MacBook for P50

Philippines ranked 8th most vulnerable to malware attacks in Asia

ADVERTISEMENT
TOPICS: Hack, High Sierra, keychain, MacOS, operating system, Password, upgrade, vulnerability
Read Next
Don't miss out on the latest news and information.

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

For feedback, complaints, or inquiries, contact us.


© Copyright 1997-2020 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.