Security Researcher Discovers macOS Flaw, Refuses to Share Details with Apple
Security researcher Linus Henze has found a vulnerability in Apple’s macOS operating system that would allow an attacker with the right tools to obtain a user’s login and system passwords.
The researcher demoed an app called “KeySteal” on YouTube, which appears to be capable of extracting login and system passwords from the macOS Keychain utility without needing the administrator (root) password.
Linus Henze’s KeySteal app leverages a new macOS Keychain exploit, so it works even if the Access Control Lists (ACL) and System Integrity Protection (SIP) are not configured. But the good news is that this vulnerability doesn’t affect your iCloud Keychain credentials.
The Keychain exploit discovered by Linus Henze appears to affect the latest macOS Mojave 10.14 operating system series, from version 10.14 to 10.14.3. However, the researcher refuses to share any details about his vulnerability with Apple, in protest that the tech giant doesn’…