MacOS High Sierra zero-day shows Keychain passwords in plain text
MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.
He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.
Wardle revealed the details in a video demonstrating the attack.