MacOS High Sierra zero-day shows Keychain passwords in plain text
Wed, 27th Sep 2017
FYI, this story is more than a year old
SARA BARKER
Copywriter and Senior News Editor
MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.
He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.
Wardle revealed the details in a video that showed a demonstration of the attack.
Explore with AI
Related stories
Your Immune System Doesn't Wait. Neither Should Your Security
KnowBe4 adds outbound email security tools for SMBs
CrowdStrike disrupts Glassworm botnet targeting developers
Rubrik & MEDITECH team up on hospital cyber resilience
A long time ago in a galaxy far, far away…Cybersecurity was already hard