SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
MacOS High Sierra zero-day shows Keychain passwords in plain text
Wed, 27th Sep 2017

MacOS users who are starting the upgrade to High Sierra – and those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.