Researcher finds macOS bug but won’t share details with Apple

He’s protesting Apple’s bug bounty policies.
Kris Holt, @krisholt
February 6, 2019

A researcher has discovered an exploit that can expose passwords on macOS, but says he won't share details of the bug with Apple because of its bug bounty policies. Linus Henze posted a demo video of the KeySteal exploit this week. It seems to grab passwords from login and system keychains without requiring administrator privileges, with a simple click of a button. It works on the latest version of macOS Mojave, though it doesn't seem to affect items stored in iCloud's keychain.

Yet Henze won't help Apple patch the exploit because its bug bounty program only pays out to researchers for disclosing bugs on iOS and not macOS. "It's like they don't really care about macOS," he told Forbes. "Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."

This is the second time in a couple of weeks that a teenager has unearthed an Apple security problem (Henze is 18). A 14-year-old tried to alert Apple about the Group FaceTime bug that allowed you to listen in to others before they answer the call. Apple said it will issue a fix for that this week, though it's unclear when it will repair the password exploit.
