MacRumors
All >
Guides
A12Z vs A12X

Apple in March 2020 introduced new 11- and 12.9-inch iPad Pro models with A12Z processors. Here's how it compares to the A12X.

FaceTime

Everything you might want to know about FaceTime.

How to Group FaceTime

Many people are stuck at home, away from friends and family. Apple's FaceTime can video chat with up to 32 people at once.

How to Clean and Sanitize your iPhone

Washing your hands is only going half way. You should also clean your iPhone regularly.

How to Clean Your Keyboard, Trackpad and Mouse
iOS 13 Battery Tips
iPhone
Night Mode (iPhone 11)
iPhone 11 vs iPhone 11 Pro
iPhone 11 vs iPhone XR
iOS 13: Hidden Features
See more guides
Upcoming
iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

iPhone SE 2
Early 2020

Low-cost device similar to iPhone 8 but with upgraded internals such as latest A13 chip.

MacBook Pro
Early 2020

Updated 13-inch model with the redesigned scissor keyboard expected.

AirTags
2020?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

iOS 14
Foldable iPhone
See full product calendar

macOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data

Monday September 25, 2017 11:32 am PDT by Juli Clover

macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.

As it turns out, unsigned apps on macOS High Sierra (and potentially earlier versions of macOS) can allegedly access the Keychain info and display plaintext usernames and passwords without a user's master password.

Security researcher and ex-NSA analyst Patrick Wardle tweeted about the vulnerability early this morning and shared a video of the exploit in action.


For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.

As demonstrated in the video above, Wardle created a proof-of-concept app called "keychainStealer" that was able to access plaintext passwords stored in Keychain for Twitter, Facebook, and Bank of America. Wardle spoke to Forbes about the vulnerability and said it's actually not hard to get malicious code running on a Mac even with Apple's protections in place.

"Without root priveleges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords," Wardle told Forbes. "Normally you are not supposed to be able do that programmatically."

"Most attacks we see today involve social engineering and seem to be successful targeting Mac users," he added. "I'm not going to say the [keychain] exploit is elegant - but it does the job, doesn't require root and is 100% successful."

Wardle has not provided the full exploit code for malicious entities to take advantage of, and he believes Apple will patch the problem in a future update.

As Wardle has not released the full exploit code, it has not been double-checked by MacRumors or another source, so full details on the vulnerability are not known just yet.

Apple has not yet responded to requests for comment about the potential vulnerability.

Top Rated Comments

(View all)
Avatar
DblHelix
33 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
Score: 58 Votes (Like | Disagree)
Avatar
sequential
33 months ago

Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk

1. Would have been even greater if Apple had ppl who found these kind of bugs themselves before release.
2. You don't know if he found this yesterday. But sure hate on the guy who might have prevented your bank account password from ending up in the wrong hands.
Score: 52 Votes (Like | Disagree)
Avatar
bladerunner2000
33 months ago
On release day. That's embarrassing.
Score: 38 Votes (Like | Disagree)
Avatar
carlsson
33 months ago
OMG, to enable this software you have to enter System Preferences, answer YES on two dialogues, and also enter your password. Then it may STEAL your not encoded things stored in the keychain (by default everything is stored encoded). I think I'm going to Windows now. This is just too much!!!

/irony ended
Score: 34 Votes (Like | Disagree)
Avatar
s15119
33 months ago
sigh. don't download junk, don't jeopardize your computer. Common sense is the best anti-virus.
Score: 21 Votes (Like | Disagree)
Avatar
bladerunner2000
33 months ago

If he did find it yesterday, he should have disclosed it to Apple and given them 90 days to fix it.

He doesn't owe Apple anything. Just like Apple doesn't owe him anything. He did them a favour.
Score: 19 Votes (Like | Disagree)
Read All Comments

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...
Read Full Article166 comments

Seemingly Unreleased Version of Logic Pro X With Live Loops Appears on Apple's Education Site [Updated]

Sunday March 29, 2020 7:23 am PDT by Hartley Charlton
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows. A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...
Read Full Article63 comments

Bloomberg: Apple's 5G iPhone Still on Schedule for Fall Launch, But Future Products Could Be Delayed

Monday March 30, 2020 2:40 am PDT by Tim Hardwick
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday. Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...
Read Full Article86 comments

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...
Read Full Article108 comments

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...
Read Full Article49 comments

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...
Read Full Article42 comments

Apple Releases ProRes RAW Beta for Windows

Monday March 30, 2020 9:33 am PDT by Juli Clover
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...
Read Full Article43 comments

2020 iPad Pro Teardown Provides Closer Look at LiDAR Scanner and Confirms Incremental Update

Saturday March 28, 2020 9:56 am PDT by Hartley Charlton
iFixit today shared a video teardown of the new iPad Pro, which Apple unveiled earlier this month. iFixit found that most of the internals of the 2020 iPad Pro are the same as the 2018 model, confirming that the device is a relatively incremental update. The most notable new feature seen inside the new iPad Pro was the LiDAR scanner, which measures the distance to surrounding objects up...
Read Full Article168 comments

Apple Configurator 2 Updated With New Features, Including Support for Restoring Firmware on 2019 Mac Pro

Tuesday March 31, 2020 5:34 am PDT by Joe Rossignol
Apple Configurator 2 has been updated to version 2.12 with several improvements, including support for restoring firmware on the 2019 Mac Pro. The release notes:• Added support for restoring firmware on the 2019 Mac Pro • Allow access to websites using TLS 1.0 and 1.1 • VPN: Configure Provider Designated Requirement for Custom SSL connection type • VPN: Configure network options for ...
Read Full Article9 comments

U.S. Government Using Mobile Ad Location Data to Track Compliance With Curbs on Movement

Monday March 30, 2020 4:48 am PDT by Tim Hardwick
The U.S. government is using smartphone location data from the mobile ad industry to track people's movements amid the coronavirus outbreak, according to a Wall Street Journal report. Local governments and the Centers for Disease Control and Prevention have received the anonymized data about people in areas of "geographic interest," with the aim being to create a portal of geolocation...
Read Full Article90 comments
Mac RumorsMac Rumors

 

MacRumors attracts a broad audience of both consumers and professionals interested in the latest technologies and products. We also boast an active community focused on purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.

Advertise on MacRumors


Our Staff

Arnold Kim
Editorial Director
EmailTwitter
Eric Slivka
Editor in Chief
EmailTwitter
Juli Clover
Senior Editor
EmailTwitterGoogle+
Joe Rossignol
Editor
EmailTwitter
Marianne Schultz
Editor
EmailTwitter
Dan Barbera
Video Content Producer
EmailTwitter
Mitchel Broussard
Contributing Editor
EmailTwitter
Tim Hardwick
Contributing Writer
EmailTwitter
Chris Jenkins
Contributing Writer
EmailTwitter
Steve Moser
Contributing Writer
EmailTwitter

Links

Touch Arcade
‘DOOM’ and ‘DOOM II’ Updates with New Level Pack, Quality of Life Features, Audio Improvements, and More Available Now on All Platforms
Become the Top Dog in the Online Multiplayer Strategy Game ‘Bark Park’ that’s Launching Next Week
SwitchArcade Round-Up: ‘Grimvalor’ Coming to Switch, ‘Operencia’, ‘Bubble Bobble 4 Friends’, and Today’s Other New Releases, the Latest Sales, and More
‘Rush Rally 3’ Just Got a Big Update Adding a New Classic Cars Expansion IAP, Updated Graphics for All Cars, and More
Niantic Just Revealed Plans for ‘Pokemon GO’ in April and How It Will Let Players Do More Indoors in the Future
‘Four Last Things’ Spiritual Successor ‘The Procession to Calvary’ Hits Desktop April 9th with Mobile Versions in the Works
‘Pascal’s Wager’ Gets New Game+ Mode and More in Latest Update
SwitchArcade Round-Up: ‘Animal Crossing: New Horizons’ Review, Mini-Views Featuring ‘Panzer Dragoon Remake’ and More, the Latest Releases and Sales, and More
Copyright © 2000-2020 MacRumors.com, LLC.
Privacy / DMCA contact / Affiliate and FTC Disclosure
[ Featured On/Off ] [ Full Articles On/Off ] [ Fluid | Fluid HD ] [ Auto | Light | Dark ]