macOS High Sierra launch blighted by password-stealing keychain 0-day vulnerability

Apple has only just released macOS High Sierra, but before the update was even out of the door, a 0-day vulnerability had been discovered. A flaw in the Mac keychain makes it possible for malicious applications to steal the contents of the keychain, including plaintext passwords. It affects not only High Sierra, but also older version of macOS. The way keychain works means that it should not be possible for the keychain to be accessed without providing the master password, but the vulnerability bypasses this requirement. The problem was discovered and demonstrated by security researcher Patrick Wardle from Synack, who… [Continue Reading]