macOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data

by

macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.

As it turns out, unsigned apps on macOS High Sierra (and potentially earlier versions of macOS) can allegedly access the Keychain info and display plaintext usernames and passwords without a user's master password.

Security researcher and ex-NSA analyst Patrick Wardle tweeted about the vulnerability early this morning and shared a video of the exploit in action.


For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.

As demonstrated in the video above, Wardle created a proof-of-concept app called "keychainStealer" that was able to access plaintext passwords stored in Keychain for Twitter, Facebook, and Bank of America. Wardle spoke to Forbes about the vulnerability and said it's actually not hard to get malicious code running on a Mac even with Apple's protections in place.

keychainpasswordexploit

"Without root priveleges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords," Wardle told Forbes. "Normally you are not supposed to be able do that programmatically."

"Most attacks we see today involve social engineering and seem to be successful targeting Mac users," he added. "I'm not going to say the [keychain] exploit is elegant - but it does the job, doesn't require root and is 100% successful."

Wardle has not provided the full exploit code for malicious entities to take advantage of, and he believes Apple will patch the problem in a future update.

As Wardle has not released the full exploit code, it has not been double-checked by MacRumors or another source, so full details on the vulnerability are not known just yet.

Apple has not yet responded to requests for comment about the potential vulnerability.

Related Forum: macOS High Sierra

Popular Stories

ipad 11 feature

Apple Unveils 11th-Gen iPad With A16 Chip and More Storage

Tuesday March 4, 2025 6:06 am PST by
Apple today announced the 11th-generation iPad, now featuring the A16 Bionic chip and more storage. The announcement came alongside the debut of the new iPad Air, which now features the M3 chip. From Apple's press release: The A16 chip provides a jump in performance for everyday tasks and experiences in iPadOS, while still providing all-day battery life. Compared to the previous...
Read Full Article173 comments
Apple MacBook Air hero

Apple Announces New MacBook Air With M4 and 'Sky Blue' Color Option

Wednesday March 5, 2025 6:02 am PST by
Apple today announced refreshed 13- and 15-inch MacBook Air models, now featuring the M4 chip, an upgraded camera, and a new "Sky Blue" color option. "Sky Blue" is an all-new blue finish that joins Midnight, Starlight, and Silver. Apple describes it as a "beautiful, metallic light blue that creates a dynamic gradient when light reflects off of its surface." Space Gray is no longer available. ...
Read Full Article382 comments
M3 iPad Air

Apple Announces New iPad Air With M3 Chip, Updated Magic Keyboard

Tuesday March 4, 2025 6:04 am PST by
Apple today introduced new 11-inch and 13-inch iPad Air models with the M3 chip, along with an updated Magic Keyboard for the device. With the M3 chip, the new iPad Air should offer up to 20% faster performance compared to the previous-generation model with the M2 chip, which was released in May 2024. In addition, the M3 chip brings hardware-accelerated ray tracing to the iPad Air for the...
Read Full Article201 comments
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Launching Later This Year With These 8 New Features

Tuesday March 4, 2025 3:15 pm PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro's alleged design via Front Page Tech Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone...
Read Full Article
macbook air blue image

New MacBook Air Coming This Week: What to Expect

Monday March 3, 2025 4:52 pm PST by
Apple CEO Tim Cook teased a new product announcement this week, sharing a short video that says "there's something in the Air." Based on the "Air" wording and the timing of the launch, it sounds like we're going to get new M4 MacBook Air models. Design Apple will continue to offer the MacBook Air in two sizes, including 13 inches and 15 inches. We are not expecting notable design updates,...
Read Full Article152 comments
cook tweet air upscale

Tim Cook Teases New Apple Product Announcement This Week: 'There's Something in the Air'

Monday March 3, 2025 8:02 am PST by
Apple CEO Tim Cook today teased a new product announcement coming "this week." "There's something in the air," the teaser says. This teaser likely refers to a new MacBook Air with the M4 chip, which is already expected to be announced as early as this week. Apple used the same "there's something in the air" slogan before it announced the original MacBook Air in 2008. Cook shared a si...
Read Full Article197 comments
Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Include These New Features for Your iPhone

Saturday March 1, 2025 11:00 am PST by
iOS 19 is still around three months away from being unveiled, but there are plenty of rumors about the upcoming update. Below, we recap iOS 19 rumors so far. Redesigned Camera App A leak earlier this year allegedly revealed a redesigned Camera app coming with iOS 19. On his YouTube channel Front Page Tech in January, Jon Prosser shared a video showing what the new Camera app will...
Read Full Article134 comments
ipad air magic keyboard

Apple Announces Redesigned Magic Keyboard for iPad Air

Tuesday March 4, 2025 6:36 am PST by
Apple today announced a completely redesigned Magic Keyboard accessory for the iPad Air. The new keyboard features a larger built-in trackpad, a 14-key function row, and a new aluminum hinge. From Apple's press release: The all-new Magic Keyboard for iPad Air expands what users can do at an even lower price. The larger built-in trackpad brings greater precision for detail-oriented...
Read Full Article119 comments
iOS 18

Apple Says iOS 18.4 Will Be Released in April With These New Features

Wednesday February 26, 2025 7:15 am PST by
In a recent press release, Apple confirmed that iOS 18.4 will be released in April. From the Apple News+ Food announcement:Coming with iOS 18.4 and iPadOS 18.4 in April, Apple News+ subscribers will have access to Apple News+ Food, a new section that will feature tens of thousands of recipes — as well as stories about restaurants, healthy eating, kitchen essentials, and more — from the...
Read Full Article44 comments

Top Rated Comments

DblHelix Avatar
DblHelix
97 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
Score: 58 Votes (Like | Disagree)
sequential Avatar
sequential
97 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
1. Would have been even greater if Apple had ppl who found these kind of bugs themselves before release.
2. You don't know if he found this yesterday. But sure hate on the guy who might have prevented your bank account password from ending up in the wrong hands.
Score: 52 Votes (Like | Disagree)
bladerunner2000 Avatar
bladerunner2000
97 months ago
On release day. That's embarrassing.
Score: 38 Votes (Like | Disagree)
carlsson Avatar
carlsson
97 months ago
OMG, to enable this software you have to enter System Preferences, answer YES on two dialogues, and also enter your password. Then it may STEAL your not encoded things stored in the keychain (by default everything is stored encoded). I think I'm going to Windows now. This is just too much!!!

/irony ended
Score: 34 Votes (Like | Disagree)
s15119 Avatar
s15119
97 months ago
sigh. don't download junk, don't jeopardize your computer. Common sense is the best anti-virus.
Score: 21 Votes (Like | Disagree)
bladerunner2000 Avatar
bladerunner2000
97 months ago
If he did find it yesterday, he should have disclosed it to Apple and given them 90 days to fix it.
He doesn't owe Apple anything. Just like Apple doesn't owe him anything. He did them a favour.
Score: 19 Votes (Like | Disagree)
Read All Comments