Apple mitigates macOS Keychain vulnerability

Apple has mitigated a Keychain vulnerability discovered in macOS High Sierra. Here's what you need to know.
Rene Ritchie
26 Sep 2017

macOS Keychain vulnerability — what you need to know!

Just as macOS High Sierra was released, security researcher Patrick Wardle tweeted a previously undisclosed (zero day) vulnerability in Keychain, Apple's secure credential repository. The vulnerability potentially affected a wide range of macOS versions. Apple has since mitigated the issue with a Supplemental Update, now available via the Mac App Store.

on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭 vid: https://t.co/36M2TcLUAn #smh pic.twitter.com/pqtpjZsSnq

— patrick wardle (@patrickwardle) September 25, 2017

Wardle said he could put a malicious app on someone's Mac and then use that app to get around Keychain's security and pull out usernames and passwords programmatically.

That meant Wardle, or someone using the same exploit, would have to use a phishing attack or some form of social engineering to get the malicious app onto your Mac, then use that malicious app to go after your Keychain.

In the Supplemental Update, Apple offered the following mitigation:

A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

The Keychain vulnerability, while bad and requiring this fix, wasn't something macOS users needed to panic about. At least not those used to following the same security best practices everyone in the industry has been talking about for years.

Namely, those who kept Apple's default Gatekeeper settings enabled and didn't download anything, or click on any links, they didn't absolutely trust.

macOS is more open by design than iOS. Malicious apps have targeted trusted developers and even tried to get into the App Store through third-party code. They get found. They get fixed.

As the Mac's popularity continues to grow relative to the industry, it makes the economics of attacking Mac users more attractive to hackers.

Multi-layered defense-in-depth, from prevention to detection to removal, is the best way to keep ahead of new threats and handle newly discovered ones.

Firmware integrity protection, anti-malware, system integrity protection, Gatekeeper, and other services are how Apple is implementing defense-in-depth.

Since no code is perfect, exploits will keep coming up. So, what matters is how fast and well Apple — or any vendor — responds to exploits.

Download and install the Supplemental Update for macOS High Sierra as soon as possible and continue to keep informed and keep safe.

Rene Ritchie

Rene Ritchie has been covering personal technology for a decade. Former editor-in-chief of iMore and Editorial Director for Mobile Nations, he specializes in Apple and related technologies, news analysis and insight. Follow him @reneritchie on Twitter, Instagram, watch his videos on YouTube, and visit him on the web at reneritchie.net.
