Lebanese developers Antoine Vincent Jebara and Raja Rahbani have discovered a critical vulnerability in the Mac OS X Keychain that would allow hackers to easily steal sensitive information like passwords with very little user interaction needed.
Jebara and Rahbani, who are computer engineering graduates from LAU and AUB respectively, head Myki, an identity management software that updates its users passwords constantly and establishes a small personal cloud for protection.
While working on a feature for their software on Apple's OS X, they found that hackers were able to create inconspicuous malware in the shape of a picture, video, or spreadsheet, that would force users to submit their passwords. The malicious code then transfers the Keychain's data to the hackers via text. It also can be stored and downloaded.
The dynamic duo were quick to inform Apple of the vulnerability, with Jebara telling Engadget in an email that it was "the right thing to do knowing that a vulnerability of this magnitude would have disastrous consequences."
According to Jebara, users who are tricked by the malware risk not being able to open any third-party files without the possibility of losing more information to the hackers.
He also posted a video on YouTube showing how exactly hackers can retrieve the sensitive information. Watch it above.