An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain.

The Keychain flaw, tracked as CVE-2017-7150, was disclosed last week by Patrick Wardle, director of research at Synack. Apple has now addressed the issue with the release of High Sierra 10.13 Supplemental Update.