Hackers have already extracted passwords from macOS High Sierra

September 26th, 2017 at 6:57 PM

Apple just launched macOS High Sierra, a Mac update that brings over several security improvements, including a new ad tracker blocker in Safari. But it also carried over a significant safety issue that would let any rogue app steal all the passwords you’ve saved in Keychain without your knowledge or any user interaction.

If you think that sticking with Sierra, for the time being, will fix it, you should know that older macOS versions are also susceptible to the same attack. You’re much better off upgrading to the latest macOS version.

The security threat was first discovered by Patrick Wardle, a former NSA employee who has found similar macOS security problems in the past. Wardle informed Apple about the issue on September 7th, and a patch should fix it in the near future. The security expert said he won’t reveal how the flaw works until Apple fixes it.

“Applications running on your system are able to access all the information in the Keychain without any user interaction,” Wardle told Gizmodo. “There’s a vulnerability that allows local code to access the keychain and bypass the security components.”

“If I can find these bugs, obviously nation states, malicious adversaries, and cybercriminals have tons more time and resources. I’m sure they’re finding these bugs as well,” he added.

That said, Wardle did say that it’s better to upgrade to High Sierra right now than to wait for the fix.

Apple, meanwhile, reminded Gizmodo that “macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogues that macOS presents.”

Until a fix is available, you should avoid installing any unsigned apps from shady sources, just like Apple says. If you have any installed, you should revisit your Keychain and change the passwords saved in it. You could also consider protecting Keychain with a password that’s different from your user login password. Finally, using a different password manager fixes the problem, as you’re effectively replacing Keychain with something else.

A video showing the hack in action follows below:

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.
