Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts. The vulnerability is present “in the keychain’s access control”” and it could allow a potential attacker to steal Keychain passwords from any local user account on the Mac
Source: