Researchers are calling this new Mac OS X vulnerability "extremely critical." It lets malware bypass security on your Mac disguised as a harmless download. Then it sends all your passwords back to a hacker over a text message. This all happens in less than a second.
The attack is called "brokenchain," and it works via malware that goes undetected when it's downloaded. Once it's on your Mac, hackers can invisibly retrieve your usernames and passwords from your Keychain, where Macs store that information, and have it sent right to their phone. This is a seriously scary vulnerability.
The security researchers who discovered the vulnerability explained in an email to CSO, "It allows anyone to steal all of your passwords remotely by simply downloading a file that doesn’t look malicious, and can’t be detected by malware detectors - as it doesn’t behave the way malware usually does."
They also created a video demonstrating "proof-of-concept." Check it out:
Apple hasn't responded to the researchers, so there's no fix that anyone knows of yet. As always, the best way to protect yourself is to avoid downloading unsolicited email attachments, and don't click on links in emails. Learn how to spot scam emails by clicking here, and check out how much you know about phishing scams by clicking here.
We're always keeping you up to date on the latest security threats; make sure you check back often to our Happening Now page to stay informed.