The Keychain password vulnerability affecting macOS —including High Sierra —was reported to Apple on Sept. 7, and should be fixed by the tech giant soon, Patrick Wardle, the research who first publicized the issue, told Gizmodo.
He reported that code that appeared to extract plaintext passwords from the Keychain. If users opt into using Keychain, they can use it to store their login information, credit cards, and WiFi passwords.
All Keychain info is normally locked down with a user’s master password. However, Wardle was able to extract passwords from the Keychain without entering a master password, showing that an attacker with access to an unlocked computer might be able to steal Keychain data.
“Applications running on your system are able to access all the information in the Keychain without any user interaction,” Wardle told Gizmodo. “There’s a vulnerability that allows local code to access the keychain and bypass the security components.”
He said he won’t make his exploit public until it’s patched. And he doesn’t feel there’s a need to wait to upgrade to High Sierra.
“I think everyone should update. There’s a lot of good built-in security features. This attack works on older versions of Mac OS as well. There’s no reason for people not to upgrade,” Wardle told Gizmodo.
Apple continues to look into ways to make the Vision Pro more comfortable.
Apple has filed for another patent that hints at a foldable iPhone (of which I’m…
Apple has been granted a patent (number US 11875021 B2) for an “Underwater User Interface”…
Dr. Sumbul Desai, vice president of Health at Apple, has been named to TIME magazine’s…
Mother’s Day is coming on Sunday, May 12,, and a new Apple Pay promo —…
Apple will bring recent iOS changes for apps to iPadOS this fall to comply with…