Home / Home Users / Teenager found a way to steal all macOS user passwords

Teenager found a way to steal all macOS user passwords

Just last week it emerged that a 14-year-old uncovered a bug that allowed snooping on iPhone and Mac users thanks to a problem in FaceTime.

Now German 18-year-old Linus Henze discovered a serious security issue in the latest release of Apple’s operating system, macOS. The essence of this vulnerability lies in the possibility of disclosure of passwords stored in the system to malicious applications.

Thus, an attacker can gain access to your credentials from services such as Amazon, Netflix, Slack, as well as from bank accounts. Although this is a pure Mac bug, syncing iPhone passwords can also be at risk due to iCloud keyring.

Unfortunately, it seems that Apple is currently not even working on a patch for this vulnerability. Discovered a hole teenager Linus Henze has decided not to disclose his find to Apple. He explained his position to Forbes by the absence of an acceptable reward for such vulnerabilities.

Henze discovered that he can create a special application that can read everything that is stored in a keychain. In this case, the permission of the owner of the computer is absolutely not required.

“It’s a little disheartening that Apple can’t figure out how to secure the keychain. What’s the point of creating something to store all the most sensitive information on the system if that mechanism itself is consistently insecure.”

A quick fix

Apple said it had no comment at the time of publication. As it has no technical information from Henze, it’s unclear when a fix will become available. The latest macOS Mojave is 10.14.3.

[Total: 0    Average: 0/5]
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

PoC exploit for Android vulnerability

Information security researcher publishes PoC exploit for critical vulnerability in Android

Grant Hernandez, Ph.D. in science at the University of Florida’s Cybersecurity Institute, has published a …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.