macOS Keychain Security Flaw Discovered by Researcher, but Details Not Shared With Apple Over Bug Bounty Protest

by

German security researcher Linus Henze this week discovered a new zero-day macOS vulnerability dubbed "KeySteal," which, as demoed in the video below, can be used to get to all of the sensitive data stored in the Keychain app.

Henze appears to use a malicious app to extract data from the Mac's Keychain app without the need for administrator access or an administrator password. It can get passwords and other information from Keychain, as well as passwords and details for other macOS users.


Henze has not shared the details of this exploit with Apple and says that he won't release it because Apple has no bug bounty program available for macOS. "So blame them," Henze writes in the video's description. In a statement to Forbes, Henze clarified his position, and said that discovering vulnerabilities takes time.

"Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."

Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.

According to German site Heise Online, which spoke to Henze, the exploit allows access to Mac Keychain items but not information stored in iCloud. Keychain is also required to be unlocked, something that happens by default when a user logs in to their account on a Mac.

applekeychain
Keychain can be locked by opening up the Keychain app, but an admin password then needs to be entered whenever an application needs to access Keychain, which can be inconvenient.

Apple's security team has reached out to Henze, according to ZDNet, but he has continued to refuse to provide additional detail unless they provide a bug bounty program for macOS. "Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."

This isn't the first Keychain-related vulnerability discovered in macOS. Security researcher Patrick Wardle demoed a similar vulnerability in 2017, which has been patched.

Popular Stories

iOS 26 on iPhone Feature

Here's When iOS 26 Rolls Out Today in Every Time Zone

Monday September 15, 2025 12:00 am PDT by
Today's the day. Apple is about to release iOS 26, which will deliver the biggest redesign since iOS 7 and bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and Apple announced at last week's iPhone event that it will be releasing iOS 26 sometime today – Monday, September 15. Based on past releases, the update is likely...
Read Full Article60 comments
Tim Cook Rainbow

Apple Reportedly Plans to Launch These 10 Products in 'Coming Months'

Sunday September 14, 2025 8:45 am PDT by
Apple's annual September event is now in the rearview mirror, with the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, iPhone Air, Apple Watch Series 11, Apple Watch Ultra 3, Apple Watch SE 3, and AirPods Pro 3 set to launch this Friday, September 19. As always, there is more to come. In his Power On newsletter today, Bloomberg's Mark Gurman said Apple plans to release many products in the...
Read Full Article63 comments
apple n1 chip

Apple's New N1 Chip in iPhone 17, iPhone 17 Pro, and iPhone Air Has a Wi-Fi 7 Limitation

Saturday September 13, 2025 10:01 am PDT by
The latest iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air models are equipped with Apple's all-new N1 chip for Wi-Fi 7, Bluetooth 6, and Thread connectivity. However, the chip has a Wi-Fi 7 bandwidth limitation. According to FCC documents reviewed by MacRumors, the N1 chip in all of the new iPhone models supports up to 160 MHz channel bandwidth for Wi-Fi 7, short of the...
Read Full Article95 comments
iPhone 17 Pro Colors

Didn't Pre-Order a New iPhone Yet? Here's How Long the Wait is Now

Friday September 12, 2025 6:11 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration. As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...
Read Full Article296 comments
airpods translate

AirPods Live Translation Blocked for EU Users With EU Apple Accounts

Thursday September 11, 2025 4:01 am PDT by
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout. Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
Read Full Article234 comments
iphone 17 lineup

iPhone 17 Models Launch on September 19 With These New Features

Friday September 12, 2025 7:58 am PDT by
Apple will launch its new iPhone 17 lineup and ultra-thin iPhone Air in stores on Friday, September 19, and the company has already shown off the new devices at its fall event, which ran with the the tagline "Awe dropping." The iPhone 17 series brings a host of new features and enhancements. Here's a rundown of the biggest upgrades and changes: iPhone 17 Display Changes The iPhone...
Read Full Article17 comments
iphone air all colors

iPhone Air and iPhone 17 Pro Now Facing Extended Delivery Estimates

Saturday September 13, 2025 11:43 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began on Friday in the U.S. and many other countries. iPhone 17 Pro Max delivery estimates quickly slipped beyond the Friday, September 19 launch day for those who had yet to place an order, and now the rest of the new models have started to follow suit. As of shortly after 11:30 a.m. Pacific Time today, select iPhone 17, ...
Read Full Article84 comments
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro Models Are eSIM-Only in These Countries

Tuesday September 9, 2025 12:23 pm PDT by
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries. The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple: Bahrain Canada Guam Japan Kuwait Mexico Oman Qatar Saudi Arabia United Arab Emirates Un...
Read Full Article78 comments
iPhone 17 Air Battery

Apple Reveals iPhone Air Battery Replacement and Repair Fees

Friday September 12, 2025 9:33 am PDT by
Apple today disclosed its out-of-warranty repair fees for all of the iPhone 17 and iPhone Air models, ahead of the devices launching next week. First and foremost, Apple's battery replacement fees did not increase for the latest iPhone models in the U.S., with Apple charging a flat $119 to replace the battery inside an iPhone 17 Pro, iPhone 17 Pro Max, or iPhone Air. This is the same fee it...
Read Full Article60 comments

Top Rated Comments

Scottsoapbox Avatar
Scottsoapbox
86 months ago
How does Apple not have a bug bounty program? Did they start believing their own marketing on Mac OS?
Score: 66 Votes (Like | Disagree)
Goompa Avatar
Goompa
86 months ago
It doesn’t surprise me. It’s been long time since Apple seemed to care about macOS.

I’m happy for the researcher. Let’s put some pressure on the giant.
Score: 45 Votes (Like | Disagree)
AngerDanger Avatar
AngerDanger
86 months ago
Thank god! It was so time-consuming having to double FaceTime call people and wait for them to casually list their passwords as part of natural conversation.
Score: 34 Votes (Like | Disagree)
CE3 Avatar
CE3
86 months ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.

This sounds a bit like extortion to me.
Extortion implies that not informing developers of bugs is illegal, which it isn’t of course. Apple has likely “reached out” to offer a reward, but he says his motivation is to use this as an opportunity to get a reward program in place for everyone. Good for him. it will probably happen now.

Yes, no one forced him to find this vulnerability, but if you’re a macOS user you should be thankful that he did.
Score: 29 Votes (Like | Disagree)
displaced Avatar
displaced
86 months ago
Hmm.

Are Bug Bounty rewards a good idea which provide incentive and reward to bug researchers? Yes. Should Apple have one for macOS? Most likely.

Should a researcher withhold details on a discovered bug as a protest about the lack of a bounty? I don't think so. It seems both unprofessional and dangerous.
Score: 28 Votes (Like | Disagree)
lostngone Avatar
lostngone
86 months ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.

This sounds a bit like extortion to me.
Score: 25 Votes (Like | Disagree)
Read All Comments