Just last week it emerged that a 14-year-old uncovered a bug that allowed snooping on iPhone and Mac users thanks to a problem in FaceTime.Now German 18-year-old Linus Henze discovered a serious security issue in the latest release of Apple’s operating system, macOS. The essence of this vulnerability lies in the possibility of disclosure of passwords stored in the system to malicious applications.
Thus, an attacker can gain access to your credentials from services such as Amazon, Netflix, Slack, as well as from bank accounts. Although this is a pure Mac bug, syncing iPhone passwords can also be at risk due to iCloud keyring.
Unfortunately, it seems that Apple is currently not even working on a patch for this vulnerability. Discovered a hole teenager Linus Henze has decided not to disclose his find to Apple. He explained his position to Forbes by the absence of an acceptable reward for such vulnerabilities.
Henze discovered that he can create a special application that can read everything that is stored in a keychain. In this case, the permission of the owner of the computer is absolutely not required.
“It’s a little disheartening that Apple can’t figure out how to secure the keychain. What’s the point of creating something to store all the most sensitive information on the system if that mechanism itself is consistently insecure.”
A quick fix
Apple said it had no comment at the time of publication. As it has no technical information from Henze, it’s unclear when a fix will become available. The latest macOS Mojave is 10.14.3.
User Review( votes)