SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image

MacOS High Sierra zero-day shows Keychain passwords in plain text

Wed, 27th Sep 2017
#
Apple
#
Malware
#
Technology Gifts
#
macOS
#
Synack
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor

MacOS users who are starting the upgrade to High Sierra – and  those who are using El Capitan – are vulnerable to a proof-of-concept attack that shows their online passwords in plain text, according to Synack security researcher Patrick Wardle.

He discovered that Mac Keychain, a native password management tool, can store online account usernames and passwords in plain text, allowing malicious applications direct access to the account details. However, the Keychain is generally protected by a master password.

Wardle revealed the details in a video that showed a demonstration of the attack.

Follow us on:
LinkedIn Twitter
Related stories
New worm named LitterDrifter heightens global cyber threat landscape
Keeper Security urges retailers to prep for holiday season cyber threats
Avast warns of AI-driven scams in Q3 Threat Report ahead of holiday season
ESET consolidates consumer cybersecurity offerings with new HOME subscriptions
Docker Engine API exploit launches DDoS attacks in OracleIV campaign
Top stories
Zscaler bolsters its APJ leadership team to maximise regional growth
Predicting 2024's cybersecurity threats: insights from Barracuda Network's experts
The benefits (and risks) of using AI for code development
Rising cybersecurity threats push shift from passwords to passkeys
KnowBe4 offers top cybersecurity tips for a safe 2023 holiday season