macOS High Sierra vulnerability: a malicious app can get into the keychain and steal passwords
The macOS keychain is a crucial security component for authentication. It is an encrypted container that stores user names, passwords for websites and apps, and sensitive information such as PINs and credit card numbers. The keychain works together with Keychain Access, a dedicated application for managing passwords. Account data are stored in the keychain through this app, so the user doesn't need to enter them over and over again.
Patrick Wardle, a leading security specialist at Synack, revealed the problem at the beginning of September and passed the relevant information along to Apple. Despite this issue, the IT giant released the new version, High Sierra. Wardle wrote online that he expects a patch for the vulnerability to be made public soon.
According to his research, the flaw affects not only High Sierra but also macOS Sierra and El Capitan.
Wardle said that non-privileged code or a malicious app can get into the keychain and steal the passwords it needs. Unfortunately, the vulnerability is easy to take advantage of.
Wardle also emphasized that an attacker needs access to the Mac and an unlocked keychain for the attack; by default, the keychain is unlocked at the moment the user signs in.
The researcher stressed that such an attack would be added as a capability or as a payload of malware. If an attacker successfully penetrates the system, he would launch this malware to get access to the keychain.
He also added that, along with information about the vulnerability, he sent a test exploit to Apple's specialists.
Apple representatives replied that macOS has automatic protection: Gatekeeper both warns users against installing apps without a signature and prevents the involuntary installation of any apps. They encourage users to download programs only from reliable sources such as the Mac App Store and to read macOS security warnings carefully.
The expert advises users to be careful before installing apps from emails and different networks, especially until the bug fix is released.