Security 10745 Published by

Techradar reports that a Zero-day vulnerability in the newly released macOS High Sierra can be leveraged to grab all passwords from the macOS keychain



The exploit was discovered by Patrick Wardle, chief security researcher at ‎Synack, and also affects earlier versions of macOS (and OS X for that matter).

It can be delivered by an unsigned app, and is capable of hoovering up all the passwords stored in the macOS keychain (in plain-text, so fully readable), without needing the master password normally required to access the keychain. The user won’t realize anything bad has happened.

Of course, if you try to install an unsigned app under macOS, the operating system will warn you against proceeding. And that’s exactly what Apple pointed out in its defense.
  Major flaw in macOS High Sierra puts your passwords at risk