Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest

Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain. However, he has said he is not sharing his findings with Apple out of protest.

Author Ad Placeholder
Will only appear on redesign env.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility.

However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

The KeySteal demo app does not require administrator privileges to execute the attack. It also does not matter if Access Control Lists are set up. The exploit is also claimed to succeed on machines with System Integrity Protection enabled.

Here’s the demo video of ‘KeySteal’.

Via, the exploit can purportedly access all the items in the “login” and “System” keychain. The iCloud Keychain is not susceptible as that stores data in a different way.

Users can proactively defend themselves by locking the login Keychain with an additional password, but this is not the default configuration and is not convenient to enable as it results in endless security authentication dialogs when using macOS.

It’s not clear if Apple is aware of the problem at this time.

Henze encourages other hackers and security researchers to publicly release Mac security issues as he wants to put pressure on Apple to expand the bug bounty program to cover macOS in addition to iOS.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:



Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.