contador Skip to content

Mac: a flaw allows the recovery of keychain passwords

Mac

Posted: October 5 2017
Updated: October 6, 2017

by Paul

Apple launched macOS High Sierra at the end of last month. As announced by rumors, the update brings with it various improvements, new features and some bug fixes. However, a few hours after its launch, a security breach was detected. Moreover, it is not a small vulnerability since it threatens the privacy of users.

The fault in question allows to recover passwords saved in the keychain. It is a utility in which the user’s connection data, their security keys and also their payment card numbers can be stored. Explanations from former NSA researcher Patrick Wardle, who discovered and reported the information on his Twitter account, can use an unsigned application to view and distribute the data in the clear.

Note that because of this vulnerability, the application is able to bypass user access checks. And what is even more serious is that you can exploit it very well without needing “root” permissions. Finally, if this security flaw was identified on macOS High Sierra at the start, older versions of the Apple desktop OS are also affected…