
A German security researcher, Linuz Henze, revealed via Twitter, anyone can steal your passwords using an app called KeySteal. Fortunately, iCloud Keychain is not affected by this exploit. MacOS keychain exploit: what happened As it turns out, KeychainmacOS app designed to securely store passwords and other user credentialsis not as secure as Apple wants us to believe. Use your your keychain password to unlock it when needed.

In Keychain Access, make sure you know your keychain password, then highlight “login” and click the lock icon in the upper left of the window to lock the login keychain. It would appear that Apples recently released macOS High Sierra 10. Until Apple identifies and fixes this exploit, protect the integrity of your Keychain by making sure you lock the login keychain with an extra password. Extend your bug bounty program to include macOS (and all other operating systems not currently covered). “Henze encourages other hackers and security researchers to publicly release Mac security issues as he wants to put pressure on Apple to expand the bug bounty program to cover macOS in addition to iOS.” Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain, Benjamin Mayo reports for 9to5Mac.
#Mac keychain access expolit how to
However, instead of informing Apple of the issue and how to reproduce it so Apple can fix it, he is holding back in protest since Apple does not offer. “Via, the exploit can purportedly access all the items in the ‘login’ and ‘System’ keychain,” Mayo reports. Researcher Demos Keychain Exploit But Refuses To Help Apple A security researcher posted a video of a piece of malware he developed that could be used to access parts of a Mac’s Keychain. “However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.” “Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility,” Mayo reports. “However, he has said he is not sharing his findings with Apple out of protest.”


“Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain,” Benjamin Mayo reports for 9to5Mac.
