Researcher provides Apple with details (and fix) for Keychain flaw

By

macOS Keychain
Apple still won't cough up a reward.
Photo: Killian Bell/Cult of Mac

A security researcher has decided to provide Apple with details — and a patch — for a serious Keychain flaw in macOS Mojave that allows anyone to access your saved usernames and passwords.

Linus Henze previously withheld the information in protest of Apple’s decision not to offer a macOS bug bounty program. He now believes the problem is too serious for the company to ignore.

macOS Mojave flaw puts your Keychain passwords at risk

By

macOS Keychain
Apple still won't cough up a reward.
Photo: Killian Bell/Cult of Mac

A new flaw discovered in macOS Mojave puts your sensitive Keychain data at risk.

One security researcher has demonstrated an exploit that could allow anyone to access saved usernames and passwords without administrator access. He won’t share the details with Apple, however, because there is no reward on offer.