Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
macOS Keychain Security Flaw Discovered by Researcher, but Details Not Shared With Apple Over Bug Bounty Protest
German security researcher Linus Henze this week discovered a new zero-day macOS vulnerability dubbed "KeySteal," which, as demoed in the video below, can be used to get to all of the sensitive data stored in the Keychain app.
Henze appears to use a malicious app to extract data from the Mac's Keychain app without the need for administrator access or an administrator password. It can get passwords and other information from Keychain, as well as passwords and details for other macOS users.
Henze has not shared the details of this exploit with Apple and says that he won't release it because Apple has no bug bounty program available for macOS. "So blame them," Henze writes in the video's description. In a statement to Forbes, Henze clarified his position, and said that discovering vulnerabilities takes time.
According to German site Heise Online, which spoke to Henze, the exploit allows access to Mac Keychain items but not information stored in iCloud. Keychain is also required to be unlocked, something that happens by default when a user logs in to their account on a Mac.
Keychain can be locked by opening up the Keychain app, but an admin password then needs to be entered whenever an application needs to access Keychain, which can be inconvenient.
Apple's security team has reached out to Henze, according to ZDNet, but he has continued to refuse to provide additional detail unless they provide a bug bounty program for macOS. "Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
This isn't the first Keychain-related vulnerability discovered in macOS. Security researcher Patrick Wardle demoed a similar vulnerability in 2017, which has been patched.
Henze appears to use a malicious app to extract data from the Mac's Keychain app without the need for administrator access or an administrator password. It can get passwords and other information from Keychain, as well as passwords and details for other macOS users.
Henze has not shared the details of this exploit with Apple and says that he won't release it because Apple has no bug bounty program available for macOS. "So blame them," Henze writes in the video's description. In a statement to Forbes, Henze clarified his position, and said that discovering vulnerabilities takes time.
"Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.
According to German site Heise Online, which spoke to Henze, the exploit allows access to Mac Keychain items but not information stored in iCloud. Keychain is also required to be unlocked, something that happens by default when a user logs in to their account on a Mac.
Keychain can be locked by opening up the Keychain app, but an admin password then needs to be entered whenever an application needs to access Keychain, which can be inconvenient.
Apple's security team has reached out to Henze, according to ZDNet, but he has continued to refuse to provide additional detail unless they provide a bug bounty program for macOS. "Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
This isn't the first Keychain-related vulnerability discovered in macOS. Security researcher Patrick Wardle demoed a similar vulnerability in 2017, which has been patched.
[ 242 comments ]
Top Rated Comments
(View all)
11 weeks ago
How does Apple not have a bug bounty program? Did they start believing their own marketing on Mac OS?
11 weeks ago
It doesn’t surprise me. It’s been long time since Apple seemed to care about macOS.
I’m happy for the researcher. Let’s put some pressure on the giant.
I’m happy for the researcher. Let’s put some pressure on the giant.
11 weeks ago
Thank god! It was so time-consuming having to double FaceTime call people and wait for them to casually list their passwords as part of natural conversation.
11 weeks ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.
This sounds a bit like extortion to me.
Extortion implies that not informing developers of bugs is illegal, which it isn’t of course. Apple has likely “reached out” to offer a reward, but he says his motivation is to use this as an opportunity to get a reward program in place for everyone. Good for him. it will probably happen now.
Yes, no one forced him to find this vulnerability, but if you’re a macOS user you should be thankful that he did.
11 weeks ago
Hmm.
Are Bug Bounty rewards a good idea which provide incentive and reward to bug researchers? Yes. Should Apple have one for macOS? Most likely.
Should a researcher withhold details on a discovered bug as a protest about the lack of a bounty? I don't think so. It seems both unprofessional and dangerous.
Are Bug Bounty rewards a good idea which provide incentive and reward to bug researchers? Yes. Should Apple have one for macOS? Most likely.
Should a researcher withhold details on a discovered bug as a protest about the lack of a bounty? I don't think so. It seems both unprofessional and dangerous.
11 weeks ago
I understand that finding flaws isn't always an easy thing and can take highly educated/skilled people lots of time to find things like this however no one is forcing this guy to do it.
This sounds a bit like extortion to me.
This sounds a bit like extortion to me.
11 weeks ago
In full support of the researcher.
With the rise of MacOS, I am surprise MacOS bug bounty program weren't already in place.
With the rise of MacOS, I am surprise MacOS bug bounty program weren't already in place.
11 weeks ago
"Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze.
Translation: I'm not doing this for the money.
"My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
Translation: But I'm doing it for the money.
11 weeks ago
Mmmm I don't know, maybe because him being a Mac user is vulnerable to such issue, and so is everyone else? Also, maybe because it's the right thing to do? Well, I guess people don't really care about that anymore. No wonder things are the way they are in the world today. Before anyone says "Well, that's how he makes a living." He knew before hand that Apple does not offer a bug bounty for macOS so he should be investing his time finding bugs in iOS perhaps. Don't take me wrong, I do believe Apple should offer a bug bounty for macOS, but I don't think holding them "hostage" is the correct thing to do.
Nobody is holding anyone hostage. The security researcher isn't threatening to release the details if Apple doesn't pay up.
[ Read All Comments ]
As part of its ongoing effort to rebuild Apple Maps, Apple has added detailed terrain features to the U.S. states of Arizona and New Mexico as well as the southern portion of Nevada, including the...
Tik Tok, which was pulled from the App Store in India last week to comply with a government demand to block downloads over child safety concerns, is allowed to return to the App Store, reports...
Amazon is currently discounting the latest 13-inch MacBook Pro with Touch Bar to a new all-time-low price. Specifically, this is the 2.3 GHz Quad-Core Intel Core i5 model with 8GB RAM and a 512GB...
Over four years after debuting on Android, and following a significant redesign last year, Google Fit is now available on iOS.
The fitness tracking app can track workout sessions completed...
Following a flash sale on Easter, Best Buy has returned this week with a new 4-day sale that offers discounts on the MacBook Pro with Touch Bar, iPhone X, Beats products, iPhone cases, and more. The...
iPhone XR remained the best-selling iPhone model in the United States in the first quarter of 2019, as it was in the fourth quarter of 2018, according to a survey conducted by research firm CIRP and...
Apple today seeded the third beta of an upcoming tvOS 12.3 update to its public beta testing group, one day after providing the beta to developers and two weeks after seeding the second public beta....
Apple today seeded the third beta of an upcoming macOS Mojave 10.14.5 update to its public beta testing group, a day after seeding the beta to developers and two weeks after releasing the second...
