Just as Apple launched the latest version of macOS, High Sierra 10.13, a researcher published a video to show how unsigned applications can steal data from the operating system’s Keychain password management system.
Patrick Wardle, director of research at Synack, revealed on Monday that High Sierra and previous versions of macOS are vulnerable. The video made by the expert shows how an unsigned application can programmatically dump and exfiltrate sensitive data from the Keychain, including plaintext passwords, without needing the master password.
The attack does require the targeted user to download and execute a malicious application, and ignore the warnings displayed when a program from an unidentified developer is being launched. However, the attack does not require root permissions.
Wardle reported the vulnerability to Apple and provided proof-of-concept (PoC) code. He has not published any technical details, to avoid giving malicious actors a head start on exploiting the flaw.
Until a patch becomes available, Apple advises customers to download software only from trusted sources and to heed the security warnings displayed by the operating system.
Over the years, researchers have found several vulnerabilities that could have allowed attackers to steal Keychain secrets, and in most cases Apple released patches or made changes to prevent the attacks.
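The assessment that Gatekeeper performs when a downloaded program is launched can be run by hand beforehand, which is the practical form of Apple's advice above. The shell function below is an added example, not code from this article or from Wardle's proof of concept; it assumes a macOS host with the standard spctl and codesign tools, and the download path in the usage line is hypothetical.

```shell
#!/bin/sh
# Added example: assess an application bundle the way Gatekeeper would before
# the user launches it. Exit codes: 0 accepted, 1 rejected (unsigned, tampered,
# or not from an identified developer), 2 path is not a bundle directory,
# 3 the assessment tools are unavailable (not a macOS host).
assess_app() {
  app="$1"
  if [ ! -d "$app" ]; then
    echo "assess_app: not an app bundle directory: $app" >&2
    return 2
  fi
  if ! command -v spctl >/dev/null 2>&1 || ! command -v codesign >/dev/null 2>&1; then
    echo "assess_app: spctl/codesign not found; run this on macOS" >&2
    return 3
  fi
  # Strict, deep signature check: catches unsigned bundles and bundles whose
  # nested code (frameworks, helper tools) was modified after signing.
  if ! codesign --verify --deep --strict "$app" >/dev/null 2>&1; then
    echo "REJECT: $app has no valid code signature"
    # Show who (if anyone) signed it; unsigned bundles print nothing here.
    codesign -dvv "$app" 2>&1 | grep -E '^(Identifier|Authority)=' || true
    return 1
  fi
  # Gatekeeper policy check: would the system let this bundle run without
  # the "unidentified developer" warning the user is asked to heed?
  if spctl --assess --type execute --verbose=4 "$app" 2>&1; then
    echo "ACCEPT: $app passes Gatekeeper assessment"
    return 0
  fi
  echo "REJECT: Gatekeeper would warn or block $app"
  return 1
}

# Usage (hypothetical path): assess_app "$HOME/Downloads/SomeTool.app"
```

A rejection here is the same signal the OS would give at launch, surfaced before any double-click. An acceptance only says that the bundle is intact and signed by an identified developer; it says nothing about whether the code is benign, so it raises the bar the article describes rather than removing the need for judgement.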
This is not the only High Sierra vulnerability discovered by Wardle in recent weeks. Earlier this month, he demonstrated how attackers can bypass the new Secure Kernel Extension Loading (SKEL) security feature introduced in the latest version of macOS.
The researcher has found several vulnerabilities and design flaws in Apple software in recent years, including ways to bypass the Gatekeeper security system, abuse legitimate apps to spy on users, and conduct dylib hijacking attacks (the macOS counterpart of DLL hijacking).
Related: Adware Installer Uses Old Trick to Access OS X Keychain
Related: New OS X Backdoor Steals Mac Keychain Content

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
