High Sierra hijinks continue: Nasty apps can pull your passwords
https://www.theregister.co.uk/2017/09/28/high_sierra_hijinks_continue_nasty_apps_can_pull_your_passwords/
A security shortcoming in earlier versions of OS X has made its way into macOS High Sierra despite an expert's best efforts to highlight the flaw.
Patrick Wardle, of infosec biz Synack, found that unsigned, and therefore untrustworthy, applications running on High Sierra, aka macOS 10.13, were able to quietly access sensitive information – including stored passwords and keys – without any notification to the user. Normally, apps, even signed trusted ones, trigger a prompt to appear on screen when touching the operating system's Keychain database of saved passphrases and other secrets.
High Sierra hijinks continue: Nasty apps can pull your passwords
Sep 28, 2017, 7:12am UTC
https://www.theregister.co.uk/2017/09/28/high_sierra_hijinks_continue_nasty_apps_can_pull_your_passwords/
>A security shortcoming in earlier versions of OS X has made its way into macOS High Sierra despite an expert's best efforts to highlight the flaw.
>Patrick Wardle, of infosec biz Synack, found that unsigned, and therefore untrustworthy, applications running on High Sierra, aka macOS 10.13, were able to quietly access sensitive information – including stored passwords and keys – without any notification to the user. Normally, apps, even signed trusted ones, trigger a prompt to appear on screen when touching the operating system's Keychain database of saved passphrases and other secrets.