Apple's latest and greatest operating system, macOS High Sierra, hit the digital airwaves on September 25 — promising a free upgrade to Macs around the world with at least 2GB of memory. And while the OS is chock-full of exciting new features, it's the vulnerabilities that have at least one security researcher excited.
That's because it turns out that, with just a little bit of effort, hackers can steal all your passwords off a computer running High Sierra. Which, frankly, is not a good look for Apple.
According to security researcher Patrick Wardle, he was able to run an unsigned app on the new OS that could steal plaintext passwords. He posted evidence of his proof of concept to Twitter, and included a link to a video demonstrating an app he dubbed "keychainStealer."
"I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data .... including your plain text passwords," he explained on Patreon. "This is not something that is supposed to happen!"
Importantly, he noted that while he has only tested High Sierra, it appears that El Capitan is vulnerable as well. But the news isn't all bad, as Wardle emphasized that for this to work your computer would first have to be infected with malware.
"As this is a local attack, this means a hacker or piece of malware must first infect your Mac," Wardle reassured concerned readers. "Typical ways to accomplish this include emails (with malicious attachments), fake web popups ("your Flash player needs updating"), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc)."
Apple, for its part, isn't that impressed with the exploit — although a spokesperson confirmed they are looking into it.
"macOS is designed to be secure by default, and [Apple security feature] Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval," the spokesperson told Mashable via email. "We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."
Wardle, meanwhile, is thankfully not looking to steal all your passwords. Instead, he contacted Apple about the exploit before going public and believes the company's engineers are in the process of patching the High Sierra holes.
"As my discovery of this bug and report (in early September) was 'shortly' before High Sierra's release, this did not give Apple enough time to release a patch on time," he wrote. "However, my understanding is a patch will be forthcoming!"
Essentially, it all boils down to this: Don't download sketchy apps, and make sure you always update your OS to the latest version in order to receive any and all patches. And, regardless of the specific threat posed by Wardle's findings, that's some basic security advice to live by.