New macOS zero-day allows theft of user passwords

A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system.

In an interview to German tech site HeiseLinus Henze, the security researcher, says the vulnerability allows a malicious app running on a macOS system to get access to passwords stored inside the Keychain –the password management system built into all macOS distributions.

The exploit is highly efficient because the malicious app doesn’t need admin access to retrieve passwords from the user’s Keychain file, and can even retrieve the contents of other Keychain files, which store passwords for other macOS users.

Read more…
Source: ZDNet