Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Researcher demos new macOS Keychain exploit, holds data from Apple in protest

Last updated

A veteran security researcher this week revealed the existence of a new macOS Keychain exploit, while controversially saying he wouldn't share details with Apple because of its bug bounty policies.

A demo app, "KeySteal," is able to extract login and System passwords from Keychain without any administrator privileges, and regardless of whether System Integrity Protection or Access Control Lists are configured, according to Linuz Henze. Items in the iCloud Keychain are immune, Henze told Heise.

There have been no reports so far of the exploit being used in the wild, but concerned Mac owners can protect themselves by adding an extra password to the login keychain.

Henze's protest stems from the fact that the company's bug bounty program only covers iOS, not macOS. Independent researchers can be dependent on such payouts.

Even within the iOS sphere Apple's program has been criticized as comparatively stingy, paying less than what third-party firms are offering. One such outfit, Zerodium, recently hiked its bounties to as high as $2 million for a remote, persistent, "zero-click" iOS jailbreak. The most Apple will pay is $200,000 even with the integrity of its platforms at stake.



25 Comments

davgreg 9 Years · 1050 comments

If they can pay about $3 Billion for Beats- a "me too" rental service that also sold crappy headphones and speakers, they can afford to pay better bounties for bugs and hire more people to suit their stuff.

jimh2 8 Years · 670 comments

Beats is a money maker. Have you ever looked around and noticed they are everywhere. Call them what you want but they sell.

So basically he is extorting Apple which is illegal.

benji888 11 Years · 135 comments

This is bogus:

1) the person trying to steal your passwords has to first have access to your Mac.
2) he then ran some app to get your passwords...I’m guessing all this app does is enter your Mac’s password for the keychain items automatically and then extracts them and displays them all in a list, so, again, back to 1).
3) you can also lock keychain so that it has to be opened with a password, so they’d need not only your Mac’s password, but keychain’s password...this is not the default for keychain.

benji888 11 Years · 135 comments

... what this does, (2) above), is not that impressive...again the person has to first have access (Mac password) to your Mac.

i think this is click bait for the app. Some people might like a list of all the passwords in keychain.

DAalseth 6 Years · 3067 comments

Should Apple extend the bonus program to macOS and the other OSs they make? Yes absolutely. 
Is it unethical for this person to withhold this important security info from Apple until they get paid? Yes absolutely.