A High Sierra bug in the MacOS update could make it easy to steal passwords

A security researcher has discovered a MacOS High Sierra bug that makes it easy for hackers to steal passwords and other hidden login credentials from a user’s system. The bug appears to give hackers the ability to access Keychain data in plaintext without knowing the master password.

The purpose of the Keychain is to hold login credentials and other secret information and keep them hidden from prying eyes. As with third-party password managers, you’re only supposed to be able to access that information with a master password. With the bug in High Sierra, though, it appears that unsigned apps are able to circumvent that safeguard entirely.

Discovered by ex-NSA analyst and security researcher Patrick Wardle (thanks MacRumors), the bug makes it possible to dump the contents of Keychain’s password storage, exposing everything from banking passwords to your Facebook login in plaintext.

Steal y0 (macOS) Keychain

Perhaps even more concerning is that this bug may have existed for some time. Although it has been proven to work following the High Sierra update, it’s possible that it could also work with older versions of MacOS.

The one silver lining to this news is that, as with many attacks from nefarious individuals, a High Sierra user would need to download a malicious application from somewhere other than the App Store for the exploit to work. That’s something that Apple and most security professionals would heavily discourage, though it does sometimes happen.

To prove that the exploit exists, Wardle crafted a malicious app called “KeychainStealer,” which was able to reveal his phony Bank of America, Twitter, and Facebook login details with little effort. Although he hasn’t revealed the exact method of attack, it stands to reason that if he can figure it out, others will be able to as well, especially now that they know it’s possible.

For that reason, some may not like that Wardle has been transparent with his concerns, though this story stands a much greater chance of forcing Apple to fix the bug than if he’d kept it to himself.

Still, it’s possible that this announcement isn’t entirely altruistic. Wardle does operate a Patreon to help support the creation of security software under his Objective-See brand, so this announcement should drive some interest in it.

Jon Martindale