Apple has acknowledged a reported security flaw with its latest free macOS update, High Sierra, which was released for download Monday.
As outlined at Forbes, security researcher Patrick Wardle published evidence that programs not approved by Apple may be able to pick up passwords in a Mac's “keychain” — the place that stores passwords you've asked Apple to remember for you. There's no evidence that anyone has exploited this flaw, but it is a bit of a bruise on the launch.
The problem can hit if you download software from places other than the Mac App Store — a practice that your Mac will repeatedly warn you against if you try to install third-party software. If you don't download software that isn't from the Mac App Store, you should be fine.
In a statement, Apple addressed the report, saying that users should pay attention to the warnings they get from their computers. “We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents,” the statement said.
Wardle told Forbes that he expects Apple will create a patch for the exploit, but Apple did not provide details on when or if that will happen.
Still, if you never go outside the App Store, there's little reason to wait and dive into what High Sierra has to offer. As you should before any upgrade, please make sure you back up your files first.