• Home
  • Mac
  • News
  • Security Researcher’s Video Demos macOS Mojave Keychain Exploit, But He Won’t Share Information With Apple in Protest

Security Researcher’s Video Demos macOS Mojave Keychain Exploit, But He Won’t Share Information With Apple in Protest

Security Researcher’s Video Demos macOS Mojave Keychain Exploit, But He Won’t Share Information With Apple in Protest

A security researcher has demonstrated a macOS Mojave Keychain exploit that can be used to access the passwords stored in the Keychain. Linuz Henze says he is not sharing the information with Apple to protest Apple’s lack of a macOS bounty program.


9to5Mac:

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility.

However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

The “KeySteal” demonstration app shown in the video doesn’t require Administrator privileges to pull off the attack. It also doesn’t matter whether Access Control Lists are set up. Henze claims the exploit will succeed on Macs with System Integrity Protection enabled.

The iCloud Keychain is not vulnerable, as it stores data in a different way.

Users can defend themselves by locking the login Keychain with an additional password. However, this isn’t the default configuration, and will also likely prove to be rather inconvenient as it results in endless security authentication dialogs when using your Mac.

Currently, we aren’t sure whether Apple is aware of the problem.

Henze says other hackers and security researchers should publicly release Mac security issues to put pressure on Apple to expand the bug bounty program to include macOS as well as iOS.

  1. 644102 157050Some truly nice and valuable information on this website, likewise I conceive the style holds exceptional capabilities. 698701

  2. 91603 891700The excellent intreguing articles maintain me coming back here time and time once more. thank you so considerably. 240257

  3. 369946 493631Spot up for this write-up, I seriously believe this website needs a good deal much more consideration. Ill apt to be once more to learn additional, appreciate your that info. 272553

  4. 874179 145607Awesome inkling Grace! ego was luxurious youd bring about this about your biz bump into upstanding lineage. We reason you! 47411

  5. 슬롯게임 says:

    454814 377680The electronic cigarette makes use of a battery and a small heating aspect the vaporize the e-liquid. This vapor can then be inhaled and exhaled 867344

  6. angelinsblog says:

    791221 24541Hey, are you having issues with your hosting? I necessary to refresh the page about million times to get the page to load. Just saying 505656

  7. sbobet says:

    542690 857966It is actually a cool and helpful piece of info. Im glad which you just shared this beneficial data with us. Please stay us informed like this. Thank you for sharing. 235284

  8. Definitely believe that which you stated. Your favorite justification appeared to be on the net the easiest
    thing to be aware of. I say to you, I certainly get annoyed while people consider worries that they plainly don’t know about.
    You managed to hit the nail upon the top and defined out the whole thing without having side effect , people could take a signal.
    Will likely be back to get more. Thanks

Leave a Reply

Your email address will not be published.