macOS 10.12.2 was released by Apple last week, the new version of the operating system solving a variety of problems reported by users. Separately, Apple also resolved a security vulnerability in macOS 10.12.1 that allowed a Mac's password to be extracted via Thunderbolt.
Extracting a Mac's password was possible in macOS 10.12.1 using a $300 Thunderbolt device, even when the Mac was locked. In the video clip below you can see how the entire procedure looks on macOS 10.12.1, but in macOS 10.12.2 it was blocked by the Apple company, so it is now no longer possible.
Apple learned about this vulnerability as early as August of this year and asked the researcher who discovered it not to provide details regarding its exploitation. He listened to Apple's pleas, so in macOS 10.12.2 it was solved and no hacker can use it to gain access to any Mac's data.
Below is an explanation for the problem reported to Apple, but you can rest assured that it no longer exists in macOS 10.12.2.
"The first issue is that the mac does not protect itself against Direct Memory Access (DMA) attacks before macOS is started. EFI which is running at this early stage enables Thunderbolt allowing malicious devices to read and write memory. At this stage macOS is not yet started. macOS resides on the encrypted disk – which must be unlocked before it can be started. Once macOS is started it will enable DMA protections by default. The second issue is that the FileVault password is stored in clear text in memory and that it is not automatically scrubbed from memory once the disk is unlocked. The password is put in multiple memory locations – which all seem to move around between reboots, but within a fixed memory range.”
