Apple made its latest OS update available Monday, but the release of High Sierra was tainted somewhat by the fact it comes replete with a critical vulnerability that allows an attacker to dump plaintext passwords from the macOS Keychain.
Researcher Patrick Wardle, chief security researcher at Synack, discovered the issue in early September and privately disclosed to Apple. The disclosure, however, did not preclude Apple from making High Sierra public yesterday. Wardle said in a post published yesterday that he expects a patch to be forthcoming.
