A young security researcher named Linus Henze has discovered a macOS bug that exposes passwords stored in Apple’s Keychain software. However, the researcher does not plan to share his findings with Apple.
macOS Mojave is a new desktop operating system that was released to the public in September 2018. The update brought a number of new features to its users, including FaceTime calls with up to 32 people, the ability to transfer photos and documents from your iPhone or iPad’s camera, dynamic desktop, etc. However, it seems that the new update brings not only fantastic features, but some bugs and problems as well.
Last week, shocking news spread all around the Web that a macOS bug lets a caller hear the audio coming from the phone of the person being called over FaceTime. According to Benjamin Mayo at 9to5Mac, the person who first found the problem, “there’s a second part to this which can expose video too…”
Forbes also revealed that it does not matter whether the recipient has accepted the call or not: all audio captured while the iPhone is ringing can be heard by the caller. Moreover, if the recipient presses the power button from the lockscreen, used to accept or reject the incoming FaceTime chat, then video is also sent to the caller. Many people are extremely concerned about such a lack of privacy.
Exposure of Passwords
An 18-year-old security researcher has discovered the latest macOS Mojave vulnerability, which exposes passwords to malicious apps. These could be passwords for your bank website, Amazon, Netflix, Slack, etc. If you are using the iCloud keychain, the passwords can be synced.
A demo video shows the “KeySteal” exploit.
The reason why Linus Henze does not want to reveal his finding to Apple is the lack of payment for such research. Apple’s bug bounty program currently only applies to iOS, meaning that he might not get anything for his disclosure.
Henze told Forbes:
“It’s like [Apple doesn’t] really care about macOS. Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we’re helping Apple to make their product more secure.”