A macOS vulnerability discovered by security researcher Patrick Wardle allows any app – signed or unsigned – to extract plain text passwords from Keychain. Wardle demonstrated the exploit with a proof of concept app, seen in the video below.
The vulnerability is a huge one, because Keychain data is secured by 256-bit AES encryption, which should make it virtually uncrackable – and because the bug affects all versions of macOS, including High Sierra …
more…
