macOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data

by

macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.

As it turns out, unsigned apps on macOS High Sierra (and potentially earlier versions of macOS) can allegedly access the Keychain info and display plaintext usernames and passwords without a user's master password.

Security researcher and ex-NSA analyst Patrick Wardle tweeted about the vulnerability early this morning and shared a video of the exploit in action.


For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.

As demonstrated in the video above, Wardle created a proof-of-concept app called "keychainStealer" that was able to access plaintext passwords stored in Keychain for Twitter, Facebook, and Bank of America. Wardle spoke to Forbes about the vulnerability and said it's actually not hard to get malicious code running on a Mac even with Apple's protections in place.

keychainpasswordexploit

"Without root priveleges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords," Wardle told Forbes. "Normally you are not supposed to be able do that programmatically."

"Most attacks we see today involve social engineering and seem to be successful targeting Mac users," he added. "I'm not going to say the [keychain] exploit is elegant - but it does the job, doesn't require root and is 100% successful."

Wardle has not provided the full exploit code for malicious entities to take advantage of, and he believes Apple will patch the problem in a future update.

As Wardle has not released the full exploit code, it has not been double-checked by MacRumors or another source, so full details on the vulnerability are not known just yet.

Apple has not yet responded to requests for comment about the potential vulnerability.

Related Forum: macOS High Sierra

Popular Stories

iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article125 comments
Beyond iPhone 13 Better Triad

Apple's 20th Anniversary iPhone May Finally Go All Screen

Tuesday April 15, 2025 6:31 am PDT by
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself. Here's the case for Apple releasing a truly all-screen iPhone with no...
Read Full Article79 comments
Apple 2025 Thumb 1

10 Products Still Coming From Apple in 2025

Friday April 11, 2025 4:14 pm PDT by
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then. We've rounded up a list of everything that we're still waiting to see from Apple in 2025. iPhone 17, 17 Air, and 17 Pro - We get...
Read Full Article58 comments
iOS 19 Roundup Feature

iOS 19 Will Add These New Features to Your iPhone

Tuesday April 15, 2025 7:37 am PDT by
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update. Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key...
Read Full Article32 comments
Foldable iPhone 2023 Feature Homescreen

Foldable iPhone Resolutions Leak With Under-Screen Camera Tipped

Monday April 14, 2025 3:12 am PDT by
Apple's upcoming foldable iPhone (or "iPhone Fold") will feature two screens as part of its book-style design, and a Chinese leaker claims to know the resolutions for both of them. According to the Weibo-based account Digital Chat Station, the inner display, which is approximately 7.76 inches, will use a 2,713 x 1,920 resolution and feature "under-screen camera technology." Meanwhile, the...
Read Full Article92 comments
iPad Pro iPadOS

iPadOS 19 Will Be 'More Like macOS' in Three Ways

Sunday April 13, 2025 6:43 am PDT by
A common complaint about the iPad Pro is that the iPadOS software platform fails to fully take advantage of the device's powerful hardware. That could soon change. Bloomberg's Mark Gurman today said that iPadOS 19 will be "more like macOS." Gurman said that iPadOS 19 will be "more like a Mac" in three ways:Improved productivity Improved multitasking Improved app window management...
Read Full Article219 comments
Apple Vision Pro with battery Feature Blue Magenta

Vision Pro 2 Rumored to Have Two Key Advantages Over Current Model

Sunday April 13, 2025 7:15 am PDT by
Apple is working on a new version of the Vision Pro with two key advantages over the current model, according to Bloomberg's Mark Gurman. Specifically, in his Power On newsletter today, Gurman said Apple is developing a new headset that is both lighter and less expensive than the current Vision Pro, which starts at $3,499 in the U.S. and weighs up to 1.5 pounds. Gurman said Apple is also...
Read Full Article127 comments
Apple Bristol Current

An Apple Store in the UK is Permanently Closing Later This Year

Monday April 14, 2025 7:33 am PDT by
Apple has confirmed that it will be permanently closing its retail store in the heart of Bristol, England, and there is no replacement in sight. Apple Bristol in 2023 Apple Bristol will be closing its doors on Saturday, August 9, due to redevelopment plans at the Cabot Circus Shopping Centre, and the adjacent Bristol Shopping Quarter. According to news reports, and a building application, the ...
Read Full Article28 comments
iPhone 6s MacRumors YouTube

Apple Says These Products Are Now Vintage

Tuesday April 15, 2025 9:53 am PDT by
Apple today updated its vintage products list to add the 2018 Mac mini and the iPhone 6s, devices that will get more limited service and repairs now that they are considered vintage. The iPhone 6s initially launched in 2015, but Apple kept it around as a low-cost device until 2018, which is why it is only now being added to the vintage list. The iPhone 6s had Apple's A9 chip, and it was...
Read Full Article73 comments

Top Rated Comments

DblHelix Avatar
DblHelix
99 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
Score: 58 Votes (Like | Disagree)
sequential Avatar
sequential
99 months ago
Would have been great if he contacted Apple before the OS was released. Just looking for attention. Jerk
1. Would have been even greater if Apple had ppl who found these kind of bugs themselves before release.
2. You don't know if he found this yesterday. But sure hate on the guy who might have prevented your bank account password from ending up in the wrong hands.
Score: 52 Votes (Like | Disagree)
bladerunner2000 Avatar
bladerunner2000
99 months ago
On release day. That's embarrassing.
Score: 38 Votes (Like | Disagree)
carlsson Avatar
carlsson
99 months ago
OMG, to enable this software you have to enter System Preferences, answer YES on two dialogues, and also enter your password. Then it may STEAL your not encoded things stored in the keychain (by default everything is stored encoded). I think I'm going to Windows now. This is just too much!!!

/irony ended
Score: 34 Votes (Like | Disagree)
s15119 Avatar
s15119
99 months ago
sigh. don't download junk, don't jeopardize your computer. Common sense is the best anti-virus.
Score: 21 Votes (Like | Disagree)
bladerunner2000 Avatar
bladerunner2000
99 months ago
If he did find it yesterday, he should have disclosed it to Apple and given them 90 days to fix it.
He doesn't owe Apple anything. Just like Apple doesn't owe him anything. He did them a favour.
Score: 19 Votes (Like | Disagree)
Read All Comments