A security researcher says Apple’s brand new OS for Mac, High Sierra has a huge security hole that a hacker could use to steal all of your passwords stored in Mac’s Keychain.

A hacker could do it by tricking you into downloading an unsigned app and without having your master password.  The researcher even made a video showing how it can be accomplished.  He said that he told Apple about the issue, but the patch hasn’t made it into the new OS yet.

Mac released a statement saying that users are already warned about installing unsigned apps and that users should only use software from the Mac App Store or other trusted sources.

high-sierra

As far as anyone knows, this exploit hasn’t made its way into any apps from the app store. But now that it’s become known, crooks will certainly try to figure out a way to get to your Mac. Apple is usually pretty quiet about bugs and flaws, their thinking is that announcing them like Microsoft does is just inviting attacks.

For now, you should be safe as long as you don’t take the risk of downloading apps from sources you can’t verify.