Apple has been under a lot of heat lately most recently due to a Mac KeyChain password exploit, found by security researcher, Linuz Henze.
Henze is a veteran security researcher who has discovered known Apple security vulnerabilities, but Henze is frustrated with Apple’s bug bounty program, which applies to Apple’s iOS but not with MacOS.
After showing a video of Apple’s keychain password exploit, he decided not to release more information to Apple, in protest of their bug bounty program.
The KeySteal demo app does not require administrative privileges, and it doesn’t require Access Control to be set up either.
Henze claims that the Mac exploit is also successful with Apple’s System Integrity protection enabled.
Author: Adam Sarwar