Researcher demos new macOS Keychain exploit, holds data from Apple in protest
A veteran security researcher this week revealed the existence of a new macOS Keychain exploit, while controversially saying he wouldn't share details with Apple because of its bug bounty policies.
A demo app, "KeySteal," is able to extract login and System passwords from Keychain without any administrator privileges, and regardless of whether System Integrity Protection or Access Control Lists are configured, according to Linuz Henze. Items in the iCloud Keychain are immune, Henze told Heise.
There have been no reports so far of the exploit being used in the wild, but concerned Mac owners can protect themselves by adding an extra password to the login keychain.
Henze's protest stems from the fact that the company's bug bounty program only covers iOS, not macOS. Independent researchers can be dependent on such payouts.
Even within the iOS sphere Apple's program has been criticized as comparatively stingy, paying less than what third-party firms are offering. One such outfit, Zerodium, recently hiked its bounties to as high as $2 million for a remote, persistent, "zero-click" iOS jailbreak. The most Apple will pay is $200,000 even with the integrity of its platforms at stake.