In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.Īpple has not yet responded to requests for comment about the potential vulnerability. Security researcher and ex-NSA analyst Patrick Wardle tweeted about the vulnerability early this morning and shared a video of the exploit in action.įor this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. "macOS High Sierra, released to the public today, could be impacted by a major security flaw that could allow a hacker to steal the usernames and passwords of accounts stored in Keychain.Īs it turns out, unsigned apps on macOS High Sierra (and potentially earlier versions of macOS) can allegedly access the Keychain info and display plaintext usernames and passwords without a user's master password. ![]() MacOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data Answer now (Will this device work on a macOS High Sierra 10.13. May want to hold off on updating just now: Flag as inappropriate Will this device work on a macOS High Sierra 10.13.6 Asked about: Belkin USB 3.0 4-Port Hub + USB-C C.
0 Comments
Leave a Reply. |