macOS High Sierra 0-Day Released Hours Before Launch

September 28, 2017
Kevin Lam

A security researcher (and by the way ex-NSA guy) named Patrick Wardle released an exploit that enables attackers to exfiltrate passwords from macOS reportedly hours before Apple released their new operating system macOS High Sierra.

There’s no point in discussing whether releasing the exploit without a patch available was responsible or not. Wardle apparently reported the vulnerability to Apple a month earlier. I am sure Wardle has his reasons for doing this and Apple had their reasons for not implementing a patch.

I will say though as a fellow security researcher that these types of exploits, one where you can extract supposedly protected information from protected stores, are really interesting — because essentially all other security sub-systems are built on top of these security platforms. Hopefully, Apple gets this patched soon.