New macOS zero-day allows theft of user passwords
A recently published video demo shows that macOS, the Apple operating system for desktop computers, suffers from a security flaw that could enable malicious applications to access passwords for various users of a computer through the macOS password management system called Keychain.
For the exploit to work, the malicious app does not even need to obtain administrative privileges. As long as the app runs on a macOS machine, threat actors can use it to obtain passwords from Keychain. While the researcher has not yet published proof-of-concept code, other researchers have already confirmed that the exploit is real.