Scary Keychain Exploit Shows Macs Are Vulnerable Too

There is a general feeling among many users that Macs aren’t hackable – don’t get viruses and are generally safe computers to use. The truth is, Macs are less popular than PCs and as such, are targeted less often. Sadly, they too can be targets of hacks and exploits.

Case in point is the very scary keychain exploit which Apple computers were susceptible to perhaps for five years or more.

Earlier this year, German security researcher Linus Henze discovered the KeySteal exploit which effectively ingests user names and passwords which Apple computers running MacOS store.

Linus realized that the program which accesses the keychain – typically used for mobile device management or MDM in an enterprise could access the keychain without the need for a password. He then was able to manipulate a session making the keychain think it was communicating with the Apple Safari web browser. In this manner, the service thought it was sending unencrypted password details to a trusted program instead of the rogue app he had designed.

The bug has since been patched. This is a good time to remind you to please keep all of your software up to date and patched.

The point is, Macs are also vulnerable to hacking via flaws in the OS. Moreover, it is extremely difficult to know which if any computers have been hacked as a result of this exploit. Finally, which passwords have been stolen as a result.

The incident reminds us computers are vulnerable and software patches need to be applied quickly to reduce the risk of hacking.

We have put together cybersecurity guidelines every company should follow. We suggest you read it and keep your business protected.