macOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data

macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.

As it turns out, unsigned apps on macOS High Sierra (and potentially earlier versions of macOS) can allegedly access the Keychain info and display plaintext usernames and passwords without a user's master password.

Security researcher and ex-NSA analyst Patrick Wardle tweeted about the vulnerability early this morning and shared a video of the exploit in action.


For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.

As demonstrated in the video above, Wardle created a proof-of-concept app called "keychainStealer" that was able to access plaintext passwords stored in Keychain for Twitter, Facebook, and Bank of America. Wardle spoke to Forbes about the vulnerability and said it's actually not hard to get malicious code running on a Mac even with Apple's protections in place.

"Without root priveleges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords," Wardle told Forbes. "Normally you are not supposed to be able do that programmatically."

"Most attacks we see today involve social engineering and seem to be successful targeting Mac users," he added. "I'm not going to say the [keychain] exploit is elegant - but it does the job, doesn't require root and is 100% successful."

Wardle has not provided the full exploit code for malicious entities to take advantage of, and he believes Apple will patch the problem in a future update.

As Wardle has not released the full exploit code, it has not been double-checked by MacRumors or another source, so full details on the vulnerability are not known just yet.

Apple has not yet responded to requests for comment about the potential vulnerability.

Top Rated Comments

(View all)
Avatar
37 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
Score: 58 Votes (Like | Disagree)
Avatar
37 months ago

Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk

1. Would have been even greater if Apple had ppl who found these kind of bugs themselves before release.
2. You don't know if he found this yesterday. But sure hate on the guy who might have prevented your bank account password from ending up in the wrong hands.
Score: 52 Votes (Like | Disagree)
Avatar
37 months ago
On release day. That's embarrassing.
Score: 38 Votes (Like | Disagree)
Avatar
37 months ago
OMG, to enable this software you have to enter System Preferences, answer YES on two dialogues, and also enter your password. Then it may STEAL your not encoded things stored in the keychain (by default everything is stored encoded). I think I'm going to Windows now. This is just too much!!!

/irony ended
Score: 34 Votes (Like | Disagree)
Avatar
37 months ago
sigh. don't download junk, don't jeopardize your computer. Common sense is the best anti-virus.
Score: 21 Votes (Like | Disagree)
Avatar
37 months ago

If he did find it yesterday, he should have disclosed it to Apple and given them 90 days to fix it.

He doesn't owe Apple anything. Just like Apple doesn't owe him anything. He did them a favour.
Score: 19 Votes (Like | Disagree)

Top Stories

iPhone 12 Sizes Compared with iPhone SE, 7, 8, SE 2, X, 11, 11 Pro and 11 Pro Max [Update]

Tuesday July 7, 2020 6:49 pm PDT by
Apple is planning on launching the iPhone 12 this fall which is rumored to be coming in 3 different sizes: 5.4", 6.1" and 6.7". The middle size (6.1") matches up with the currently shipping iPhone 11, but the other two sizes will be entirely new. Over the weekend, there was some excitement about how well the new 5.4" iPhone 12 compares to the original iPhone SE. Those who have been hoping...

Everything New in iOS 14 Beta 2: New Calendar Icon, Files Widget and More

Tuesday July 7, 2020 11:38 am PDT by
Apple today released the second beta of iOS 14 to developers for testing purposes, tweaking and refining some of the features that are coming in the update. Below, we've rounded up all of the changes that we found in the second beta. - Calendar icon - There's a new Calendar app icon in iOS 14 beta 2, with the day of the week abbreviated rather than spelled out. - Clock icon - The clock...

Hands On With iPhone 12 Models Showing New Sizes and Design

Monday July 6, 2020 2:04 pm PDT by
Ahead of the launch of new iPhones we often see dummy models created based on leaked schematics and specifications, with those models designed to let case makers create cases for the new devices ahead of their release. We got our hands on a set of dummy models that represent the iPhone 12 lineup, giving us our first close look at the iPhone 4-style design and the different size options. Subscri ...

Developer's Visual Comparison of macOS Catalina and Big Sur Offers Closer Look at Apple's UI Redesign for Macs

Tuesday July 7, 2020 4:00 am PDT by
macOS 11 Big Sur is the next major release of Apple's operating system for Mac, and following its preview at WWDC, one of the biggest discussions has revolved around the all-new user interface redesign. Developers are still learning what the impact the new UI will have on their apps, and with that in mind, app designer Andrew Denty has compiled an extensive visual comparison of the user...

Analyst Believes iPhone 12 Pricing Will Start $50 Higher Even Without EarPods or Charger in Box

Wednesday July 8, 2020 9:35 am PDT by
Despite multiple reports indicating that Apple will not include EarPods or a wall charger with iPhone 12 models this year, one analyst believes that pricing will still increase slightly compared to the iPhone 11 lineup. In a research note provided to MacRumors, analyst Jeff Pu forecasted that iPhone 12 pricing will start at $749 for a new 5.4-inch model, an increase of $50 over the base...

14-Inch MacBook Pro With Mini-LED Display Expected to Enter Production in 2021

Wednesday July 8, 2020 7:51 am PDT by
Apple suppliers will begin competing to win manufacturing orders for new 14-inch and 16-inch MacBook Pro models with Mini-LED displays in the first quarter of 2021, according to Taiwanese research firm TrendForce. Rumors of a 14-inch MacBook Pro have surfaced since Apple replaced the 15-inch MacBook Pro with a new 16-inch model last year. Apple analyst Ming-Chi Kuo has previously said that...

Apple Seeds First Betas of iOS 14 and iPadOS 14 to Public Beta Testers

Thursday July 9, 2020 10:14 am PDT by
Apple today seeded the first public betas of upcoming iOS and iPadOS 14 updates to its public beta testing group, two weeks after first providing the updates to developers after the WWDC keynote and a day after seeding the second developer betas. Public beta testers who have signed up for Apple's beta testing program can download the iOS/‌iPadOS‌ 14 updates over the air after installing ...

Apple's Arm-Based Macs With Apple Silicon Chips Will Support Thunderbolt

Wednesday July 8, 2020 3:14 pm PDT by
Apple is working on Macs that use its custom Apple-designed Apple Silicon chips instead of Intel chips, but Apple has committed to continuing to support Thunderbolt, reports The Verge. In a statement, an Apple spokesperson said that Apple's upcoming machines will offer support for Intel's Thunderbolt USB-C standard. "Over a decade ago, Apple partnered with Intel to design and develop...

Apple Cuts iPhone Trade-In Values as iPhone 12 Launch Nears

Tuesday July 7, 2020 7:46 am PDT by
With just two months to go until the usual timeframe for Apple's iPhone launch events, Apple is cutting back on maximum trade-in values of previous-generation iPhones for those looking to upgrade to a new model. Maximum values on more recent models have dropped by $30–$50, while older models have generally dropped by $5–$20 with a few models seeing no change in value.iPhone XS Max: $500 to...

Some iPhone Users Report Significant Battery Drain Due to Music App Background Activity in iOS 13.5.1

Wednesday July 8, 2020 1:49 am PDT by
A significant minority of iPhone users have taken to Apple's Support Communities and Reddit to report battery drain issues largely related to the Music app and high levels of background activity. Hundreds of users, many running iOS 13.5.1 on devices both new and old, are experiencing rapid battery drain when the Music app is not in use. In some cases, the background activity occurs over...