macOS Keychain Security Flaw Discovered by Researcher, but Details Not Shared With Apple Over Bug Bounty Protest

German security researcher Linus Henze this week discovered a new zero-day macOS vulnerability dubbed "KeySteal," which, as demoed in the video below, can be used to get to all of the sensitive data stored in the Keychain app.

Henze appears to use a malicious app to extract data from the Mac's Keychain app without the need for administrator access or an administrator password. It can get passwords and other information from Keychain, as well as passwords and details for other macOS users.


Henze has not shared the details of this exploit with Apple and says that he won't release it because Apple has no bug bounty program available for macOS. "So blame them," Henze writes in the video's description. In a statement to Forbes, Henze clarified his position, and said that discovering vulnerabilities takes time.

"Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."

Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.

According to German site Heise Online, which spoke to Henze, the exploit allows access to Mac Keychain items but not information stored in iCloud. Keychain is also required to be unlocked, something that happens by default when a user logs in to their account on a Mac.

applekeychain
Keychain can be locked by opening up the Keychain app, but an admin password then needs to be entered whenever an application needs to access Keychain, which can be inconvenient.

Apple's security team has reached out to Henze, according to ZDNet, but he has continued to refuse to provide additional detail unless they provide a bug bounty program for macOS. "Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."

This isn't the first Keychain-related vulnerability discovered in macOS. Security researcher Patrick Wardle demoed a similar vulnerability in 2017, which has been patched.

Popular Stories

iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching in Three Months With These 12 New Features

Saturday June 21, 2025 2:45 pm PDT by
The iPhone 17 Pro and iPhone 17 Pro Max are around three months away, and there are plenty of rumors about the devices from credible sources. Below, we recap key changes rumored for the iPhone 17 Pro models as of June 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X...
iPhone 16 Battery Life Feature

iOS 26's New Battery Life Mode Available Only on These iPhone Models

Saturday June 21, 2025 9:02 am PDT by
Last week, we reported that iOS 26 introduces an opt-in Adaptive Power Mode on the iPhone, alongside the existing Low Power Mode. Apple says that Adaptive Power Mode can make "small performance adjustments" when necessary to extend an iPhone's battery life, including slightly lowering the display brightness or allowing some activities to "take a little longer." The full description of...
All Screen iPhone 2027 Feature 1

iPhone Reportedly Moving to All-Screen Design in Two Stages

Sunday June 22, 2025 3:58 pm PDT by
Apple has long been working towards an iPhone with an all-screen design, and it might finally achieve the feat in a few more years from now. In his Power On newsletter today, Bloomberg's Mark Gurman said that Apple will shrink the size of the Dynamic Island on new iPhone models released next year. A year after that, he expects Apple to release a redesigned 20th-anniversary iPhone model....
iOS 26 Feature

Everything New in iOS 26 Beta 2

Monday June 23, 2025 2:57 pm PDT by
Apple provided developers with the second beta of iOS 26, introducing the first changes and refinements to the new operating system since it debuted after the WWDC keynote. Because we're early in the beta testing process, there are quite a few tweaks to iOS 26, which we've rounded up below. Control Center The background behind the Liquid Glass Control Center buttons has more blur, allowing...
ios 26 control center b2

iOS 26 Beta 2 Fixes Control Center Design

Monday June 23, 2025 10:58 am PDT by
With the second beta of iOS 26 that Apple provided to developers today, Apple addressed one of the major complaints that people have had with Liquid Glass. iOS 26 beta 1 on left, iOS 26 beta 2 on right The Control Center buttons are now slightly more opaque, making it easier to see the different control options even on a multicolored background. The new, more opaque look is apparent with the ...
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro's Alleged Vapor Chamber Cooling System Partly Revealed

Sunday June 22, 2025 6:37 am PDT by
Apple's upcoming iPhone 17 Pro and iPhone 17 Pro Max models are rumored to be equipped with a vapor chamber cooling system, and a leaker known as Majin Bu today shared a photo of an alleged copper thermal plate for the system. Many high-end Android smartphones like Samsung's Galaxy S25 Ultra are equipped with a vapor chamber cooling system, which can manage heat dissipation inside the...
Wi Fi WiFi General Feature

iOS 26 Adding Two New Wi-Fi Features, Allows AirDrop and AirPlay Alternatives

Saturday June 21, 2025 7:02 am PDT by
iOS 26 is gaining two new Wi-Fi features, including Captive Assist and Wi-Fi Aware. MacRumors contributor Aaron Perris discovered a reference to Captive Assist within the code for the first iOS 26 developer beta, but Apple has yet to enable the feature. It should be available by the time the software update is released later this year. In his Power On newsletter last month, Bloomberg's...
iOS 26 on Three iPhones

iOS 26 Includes These Five Smaller Features You Might Have Missed

Saturday June 21, 2025 11:18 am PDT by
While the dust is beginning to settle on the first iOS 26 beta, we continue to take a closer look at new features coming with the update. Below, we recap five smaller changes that you might have missed. Emoji Game Apple News+ subscribers in the U.S. and Canada can play a new Emoji Game, which tasks players with completing words and phrases with emoji. This is the fifth game that is...
airpods 4 blue

Apple Offering Free AirPods — Here's How to Get Them

Tuesday June 17, 2025 6:33 am PDT by
Apple is running a new promotion that offers free AirPods to qualifying customers. Now through September 30, college and university students in the U.S., Canada, Mexico, and Singapore can receive free AirPods 4 when they purchase an eligible new Mac or iPad from Apple. AirPods Pro 2 are also available at a discount. If you do not want AirPods, the promotion also offers various other...

Top Rated Comments

Scottsoapbox Avatar
83 months ago
How does Apple not have a bug bounty program? Did they start believing their own marketing on Mac OS?
Score: 66 Votes (Like | Disagree)
Goompa Avatar
83 months ago
It doesn’t surprise me. It’s been long time since Apple seemed to care about macOS.

I’m happy for the researcher. Let’s put some pressure on the giant.
Score: 45 Votes (Like | Disagree)
AngerDanger Avatar
83 months ago
Thank god! It was so time-consuming having to double FaceTime call people and wait for them to casually list their passwords as part of natural conversation.
Score: 34 Votes (Like | Disagree)
CE3 Avatar
83 months ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.

This sounds a bit like extortion to me.
Extortion implies that not informing developers of bugs is illegal, which it isn’t of course. Apple has likely “reached out” to offer a reward, but he says his motivation is to use this as an opportunity to get a reward program in place for everyone. Good for him. it will probably happen now.

Yes, no one forced him to find this vulnerability, but if you’re a macOS user you should be thankful that he did.
Score: 29 Votes (Like | Disagree)
displaced Avatar
83 months ago
Hmm.

Are Bug Bounty rewards a good idea which provide incentive and reward to bug researchers? Yes. Should Apple have one for macOS? Most likely.

Should a researcher withhold details on a discovered bug as a protest about the lack of a bounty? I don't think so. It seems both unprofessional and dangerous.
Score: 28 Votes (Like | Disagree)
lostngone Avatar
83 months ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.

This sounds a bit like extortion to me.
Score: 25 Votes (Like | Disagree)