macOS Mojave contains a major flaw that can reveal passwords and encryption keys to attackers...

Cal Jeffrey

TS Evangelist
Staff member

Keychain is a built-in password manager for macOS. It houses passwords, encryption keys, and certificates from a wide range of sources including websites, apps, and attached hardware. Using a software tool he created called “KeySteal,” Henze can access all the passwords on a Mac’s keychain with one click.

He says that the exploit is similar to Patrick Wardle’s 2017 “KeychainStealer,” but whereas Apple has patched that vulnerability, this one is still wide open. He says that the program works without administrative privileges or root passwords. It also works with macOS login and system keychains.

He tested it on a 2014 MacBook Pro, and it worked flawlessly. However, it's unclear if the exploit can get past the security chips in newer MacBooks.

Typically, researchers do not reveal security flaws until the company has been notified and has had time to patch them. However, Henze said he is posting the vulnerability publicly because Apple has no bug bounty program for macOS. The company does have one for iOS, but it is so limited in scope, and so difficult to get rewarded from, that it is almost useless. Just ask Grant Thompson, the boy who discovered the FaceTime bug.

Despite not disclosing the details to Apple, Henze says he will not reveal how the exploit is performed to anyone else either. He is not looking to harm Apple or its users, just to inform them of the problem. It is up to Apple to figure out what is wrong — at least until it starts a proper bug bounty program.

In the meantime, Henze will be posting other Apple product exploits that he discovers under the hashtag #OhBehaveApple.

“The reason is simple: Apple still has no bug bounty program (for macOS),” he explains. “Maybe this forces Apple to open [one] at some time.”


 

VitalyT

Russ-Puss
Bugs in Apple’s software are a blasphemy, according to Cook, who will sooner press charges than pay for it.
 

stewi0001

TS Evangelist
Platinum
I'm siding with Henze on this one, mainly because Apple seems to never show any form of acknowledgement or appreciation when someone tells them they found an issue.

My favorite is the time a small electronics shop kept trying to tell Apple the cause of the bend screen problem and Apple kept banning them from their forums.