uninstallmacapp.com News
  • Home

Researchers found a vulnerability on macOS: the user’s passwords can be stolen

  • By admin
  • Mar-18-2019
  • Tech News
  • 0 Comments.

This week, Linus Henze, Gernman security researcher, found a new zero-day vulnerability on macOS named “KeySteal”, which is to access all the sensitive data of the user with the related password.

1

It seems that Linus Henze used a malicious app to extract data from the app accessed with Mac’s keychain, without the administrator right or password. It can obtain passwords and other information of the app accessed with the keychain.

The funny thing is that Linus Henze didn’t reveal this to Apple. He said he won’t publish the vulnerability, because Apple hasn’t proposed any reward plan for vulnerabilities yet. He also clarified his position in a declaration he made to “Forbes”: “It takes time to discover such vulnerabilities. I think it’s the researchers should be paid for that, since we’re helping Apple improve their products.”

Apple has an incentive plan for iOS. People who discovered vulnerabilities will be rewarded. But Apple hasn’t had that for macOS yet. It’s learned that Apple’s security team has contacted Henze, but he still refused to provide any more details, unless there is an incentive plan. According to Linus Henze: “This is never my motive, even though it seems I did this just for money. My motive is to ask Apple create an incentive plan for vulnerabilities, which I think would be good for both Apple and researchers.”

In addition, KeySteal is not the first vulnerability related to keychain accessibility on macOS discovered by researchers. Patrick Wardle, security researcher, demonstrated a similar vulnerability in 2017, which should have been fixed now.

Comments

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

← Previous Post Next Post →

Recent Posts

  • Supplementary update of macOS Mojave: bug fixes for the system and Safari 14
  • New Malware on Mac: Spread through Xcode Project
  • Apple releases the first public beta of macOS Big Sur
  • A new Intel-based iMac probably released this week: design remains unchanged
  • Supply chain expects MacBook shipments to grow by more than 20% in the third quarter

Recent Comments

    Archives

    • October 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • November 2015
    • October 2015
    • September 2015
    • August 2015
    • July 2015

    Categories

    • gaming news
    • life news
    • Remove Guides
    • Tech News
    • Uncategorized

    Meta

    • Log in
    • Entries RSS
    • Comments RSS
    • WordPress.org
    About This Site

    A cras tincidunt, ut tellus et. Gravida scel ipsum sed iaculis, nunc non nam. Placerat sed phase llus, purus purus elit.

    Archives Widget
    • January 2010
    • December 2009
    • November 2009
    • October 2009
    Categories
    • Entertainment
    • Technology
    • Sports & Recreation
    • Jobs & Lifestyle
    Search

    Powered by WordPress  |  Business Directory by InkThemes.