The Keychain password vulnerability affecting multiple versions of macOS — including High Sierra — was reported to Apple on Sept. 7, and will likely be patched by the company in the near future, according to the security researcher who first publicized the issue.

Technical details of the exploit won't be made public until Apple has released that patch, Patrick Wardle told Gizmodo. He cautioned though that if he found the problem, other less conscientious actors may have beaten him to the punch.

"If I can find these bugs, obviously nation states, malicious adversaries, and cyber criminals have tons more time and resources. I'm sure they're finding these bugs as well," he said.

The researcher recommended updating to High Sierra in the meantime, since "there's a lot of good built-in security features," and there's no protection in remaining on Sierra.

On Monday Wardle published video of a concept app able to capture Keychain passwords in plaintext, without root access, so long as the victim is signed in. Real-world targets would have to download, install, and run the app while bypassing macOS security measures designed to deter using unsigned software.