
Ex-NSA hacker drops macOS High Sierra zero-day hours before launch - reeteshv
http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/
======
miles
I wonder what aspect of this is new or novel?

It's been possible to dump passwords from the current user's Login Keychain
via "security dump-keychain -d login.keychain" or "sudo keychaindump" for a
long time:

[https://tinyapps.org/blog/mac/201211030700_recover_keychain_...](https://tinyapps.org/blog/mac/201211030700_recover_keychain_passwords.html)

------
dovdovdov
It's almost like deliberately running malicious code is bad for your PC.

~~~
dvhh
Or someone you lend your PC to for a few minutes

~~~
dpark
Is loaning your laptop to nefarious characters something you do frequently?
Pretty much the only time I've ever "loaned" my laptop to someone, it was a
co-worker who used it for a presentation, projected on the wall, with me and a
room full of other colleagues watching everything they do. When it's not a co-
worker presenting, it's my wife.

