Image credit: designer491 via Getty Images

Researcher finds macOS bug but won’t share details with Apple

He’s protesting Apple’s bug bounty policies.

A researcher has discovered an exploit that can expose passwords on macOS, but says he won't share details of the bug with Apple because of its bug bounty policies. Linus Henze posted a demo video of the KeySteal exploit this week. It seems to grab passwords from login and system keychains without requiring administrator privileges, with a simple click of a button. It works on the latest version of macOS Mojave, though it doesn't seem to affect items stored in iCloud's keychain.

Yet Henze won't help Apple patch the exploit because its bug bounty program only pays out to researchers for disclosing bugs on iOS and not macOS. "It's like they don't really care about macOS," he told Forbes. "Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."

This is the second time in a couple of weeks that a teenager has unearthed an Apple security problem (Henze is 18). A 14-year-old tried to alert Apple about the Group FaceTime bug that allowed callers to listen in on others before they answered the call. Apple said it will issue a fix for that this week, though it's unclear when it will fix the password exploit.
