Report: Security hole in macOS Keychain puts passwords at risk
Apple released macOS High Sierra on Monday, so it should be a nice way to spotlight the Mac this week after last week’s iOS 11 and iPhone 8 releases. But a report by a security researcher at Synack puts a bit of a damper on the High Sierra release.
Editor's note: This article was updated at 3:37 p.m. Pacific with a statement from Apple.
Patrick Wardle, Synack’s head of research, posted a video on Monday that shows how code he wrote can be used to get passwords from macOS’s Keychain. Keychain is the password manger built into macOS, and it usually requires a master password to access it. But Wardle’s code was able to access Keychain and collect passwords. The video below is a demonstration posted by Wardle.