MacOS Keychain Theft Issue Shows You Can’t Just Trust Apple to Keep You Secure

MacOS Keychain Theft Issue Shows You Can’t Just Trust Apple to Keep You Secure

7 years ago
Anonymous $wKBR2uNMvM

https://motherboard.vice.com/en_us/article/pak37n/macos-keychain-theft-issue-shows-you-cant-just-trust-apple-to-keep-you-secure

Apple just released macOS High Sierra (10.13), but even the newest version of its operating system is not free of security flaws. A security researcher posted a video showing that malicious applications running on the new OS can silently steal usernames and passwords stored in users' keychains.

Apple intentionally engineered the keychain—a secure container where users and applications can store credentials, secure notes, encryption keys, Wi-Fi passwords and other sensitive information—to require user confirmation before applications can access it. Even when such approval is given, applications can only access information that they previously placed in the keychain themselves.