High Sierra Reportedly Has A Password Problem

Apple’s latest macOS, High Sierra, rolls out today with plenty of nice security upgrades, including weekly firmware validation. But the new OS apparently comes with a security problem, too — a security researcher at Synack has already discovered a way to snatch passwords from High Sierra.

Patrick Wardle, the head of research at Synack, revealed the issue today in a video where he demonstrated code that appeared to extract plaintext passwords from the Keychain. If users opt into using Keychain, they can use it to store their login information, credit cards and Wi-Fi passwords.

Normally, all Keychain information is locked down with a user’s master password. But Wardle was able to extract passwords from the Keychain without entering a master password, showing that an attacker with access to an unlocked computer might be able to steal Keychain data.

Wardle’s walk-through video demonstrates his “keychainStealer” app and shows it pulling plaintext passwords for Twitter, Facebook and Bank of America. He hasn’t made the exploit public, so users shouldn’t be at risk.

Gizmodo contacted Apple and Wardle for comment but had not heard back at the time of writing.

