BREAKING: Zero Day Bug In macOS High Sierra Can Facilitate Password Theft [UPDATE: Fixed]

On the day that Apple decided to drop it’s latest and greatest OS which is macOS High Sierra, comes this bombshell from Patrick Wardle who a former NSA hacker who now serves as chief security researcher at ‎Synack:

Let me translate this for you. He has a proof of concept attack using an unsigned app that exploits a hole in macOS High Sierra that facilitates the theft of any or all of your passwords that are stored in the Keychain app.


Now Apple hasn’t responded to this zero day threat, but to be frank it has to respond. This is not a trivial issue and this can be a major threat to anyone who upgrades to this OS which was released an hour ago as I type this story. The other side of the fence is that because it requires the use of an unsigned app to get pwned, being careful should keep you safe. But regardless of which side of the fence you happen to agree with, Apple needs to get a fix for this out there now. Until then, you have to question if upgrading to Apple’s latest and greatest is a good idea.

UPDATE: This is now fixed. Details here.


2 Responses to “BREAKING: Zero Day Bug In macOS High Sierra Can Facilitate Password Theft [UPDATE: Fixed]”

  1. […] is there a reason that you shouldn’t upgrade to High Sierra? Frankly, other than this security hole, if your Mac support High Sierra (which any Mac that ran Sierra will), then this is a worthwhile […]

  2. […] has been slipping for a while. For example, around the time that macOS High Sierra shipped, there was a zero day bug that was discovered that allowed for password theft. Shortly after that another horrible security hole that Apple had to quickly patch appeared. Both […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: