Apple's latest and greatest operating system, macOS High Sierra, hit the digital airwaves on September 25 — promising a free upgrade to Macs around the world with at least 2GB of memory. And while the OS is chock-full of exciting new features, it's the vulnerabilities that have at least one security researcher excited.
That's because it turns out that, with just a little bit of effort, hackers can steal all your passwords off a computer running High Sierra. Which, frankly, is not a good look for Apple.
Security researcher Patrick Wardle says he was able to run an unsigned app on the new OS that could steal plaintext passwords. He posted evidence of his proof of concept to Twitter, and included a link to a video demonstrating an app he dubbed "keychainStealer."
"I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data .... including your plain text passwords," he explained on Patreon. "This is not something that is supposed to happen!"
Importantly, he noted that while he has only tested High Sierra, it appears that El Capitan is vulnerable as well. But the news isn't all bad, as Wardle emphasized that for this to work your computer would first have to be infected with malware.
"As this is a local attack, this means a hacker or piece of malware must first infect your Mac," Wardle reassured concerned readers. "Typical ways to accomplish this include emails (with malicious attachments), fake web popups ("your Flash player needs updating"), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc)."
Apple, for its part, isn't that impressed with the exploit — although a spokesperson confirmed they are looking into it.
"macOS is designed to be secure by default, and [Apple security feature] Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval," the spokesperson told Mashable via email. "We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents."
Wardle, meanwhile, is thankfully not looking to steal all your passwords. Instead, he contacted Apple about the exploit before going public and believes the company's engineers are in the process of patching the High Sierra holes.
"As my discovery of this bug and report (in early September) was 'shortly' before High Sierra's release, this did not give Apple enough time to release a patch on time," he wrote. "However, my understanding is a patch will be forthcoming!"
Essentially, it all boils down to this: Don't download sketchy apps, and make sure you always update your OS to the latest version in order to receive any and all patches. And, regardless of the specific threat posed by Wardle's findings, that's some basic security advice to live by.