Security Researcher Patrick Wardle, a well-known Apple security researcher, published a video demonstrating a zero-day exploit in the company’s upcoming OS. Wardle says the exploit can be used by malware or other malicious apps to dump passwords from the Keychain, which later can be exfiltrated to a remote server and used by the hackers. The exploit also doesn’t require root access, and Wardle has reported the bug to Apple, which is working on a patch. The Keychain vulnerability is Wardle’s second in Apple’s new OS High Sierra this month. At the start of September Wardle showed that attackers could bypass a new security feature added in High Sierra.
Source: https://www.bleepingcomputer.com/news/software/zero-day-demoed-hours-before-official-macos-high-sierra-launch/