Security researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in High Sierra, Sierra and El Capitan, and has yet to be patched. Wardle said in a post published yesterday that he expects a patch to be forthcoming. Apple also made public yesterday security releases for Mac Server 5.4 and iCloud for Windows 7.0. The release of High Sierra also included patches for 43 vulnerabilities, including several code execution and denial of service bugs.
Source: https://threatpost.com/macos-high-sierra-available-and-vulnerable-to-keychain-attack/128149/