BREAKING: Zero Day Bug In macOS High Sierra Can Facilitate Password Theft [UPDATE: Fixed]

On the day that Apple decided to drop its latest and greatest OS, macOS High Sierra, comes this bombshell from Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack:

Let me translate this for you. He has a proof of concept attack using an unsigned app that exploits a hole in macOS High Sierra that facilitates the theft of any or all of your passwords that are stored in the Keychain app.

Yikes!

Now, Apple hasn’t responded to this zero-day threat, but to be frank, it has to respond. This is not a trivial issue, and it can be a major threat to anyone who upgrades to this OS, which was released an hour ago as I type this story. The other side of the fence is that because it requires the use of an unsigned app to get pwned, being careful should keep you safe. But regardless of which side of the fence you happen to agree with, Apple needs to get a fix for this out there now. Until then, you have to question whether upgrading to Apple’s latest and greatest is a good idea.

UPDATE: This is now fixed. Details here.


One Response to “BREAKING: Zero Day Bug In macOS High Sierra Can Facilitate Password Theft [UPDATE: Fixed]”

  1. […] is there a reason that you shouldn’t upgrade to High Sierra? Frankly, other than this security hole, if your Mac supports High Sierra (which any Mac that ran Sierra will), then this is a worthwhile […]
