macOS Keychain vulnerability — what you need to know!

A Keychain vulnerability has been discovered in macOS. Here's what you need to know.

Just as Apple was releasing macOS High Sierra, security researcher Patrick Wardle tweeted a previously undisclosed (zero day) vulnerability in Keychain, Apple's secure credential repository, potentially affecting a wide range of macOS versions.

In other words, Wardle alleged that he could put a malicious app on someone's Mac that could get around Keychain's security and pull out usernames and passwords.

That means Wardle, or someone using the same exploit, would first have to get the malicious app onto your Mac, then use that malicious app to attack Keychain.

It's a bad bug and Apple absolutely needs to fix it as quickly as possible. (Where "as quickly as possible" includes testing and verifying the full scope of the vulnerability, coming up with a fix, applying the solution, testing the fix to make sure it doesn't introduce any new bugs, and then rolling it out in a software update.)

In the meantime, though, it's not something macOS users should panic about. At least not those used to following the same security best practices everyone in the industry has been talking about for years.

Namely, keep Apple's default Gatekeeper settings enabled and don't download anything, or click on any links, you don't absolutely trust.

macOS is more open by design than iOS. Malicious apps have targeted trusted developers and even made runs at third-party code running in App Store apps.

As the Mac's popularity continues to grow relative to the industry, the economics of attacking Mac users become more attractive to hackers.

Multi-layered defense-in-depth, from prevention to detection to removal, is the best way to keep ahead of new threats and handle newly discovered ones.

Firmware integrity protection, anti-malware, system integrity protection, Gatekeeper, and other services are how Apple is implementing defense-in-depth.

Since no code is perfect, though, exploits will keep coming up. So what matters is how fast and well Apple, or any vendor, responds to exploits.

For now, upgrading to macOS High Sierra creates absolutely no additional risk from this exploit and includes the usual security improvements and fixes for a wider range of issues, current and potential.

Keep informed, keep safe, and we'll let you know as soon as Apple addresses the exploit.
