Security Expert Demos MacOS Mojave Exploit to Access Keychain Passwords

7 years ago

According to a report by 9to5Mac, security expert Linuz Henze has demonstrated a macOS Mojave exploit on video that allows access to passwords stored in the Keychain app.

The researcher has, however, decided not to share the details of the exploit with Apple out of frustration that the company’s bug bounty program only applies to iOS and not macOS. In the past, Henze has publicly shared legitimate iOS vulnerabilities so he has a track record of credibility.

Remember KeychainStealer by @patrickwardle which can steal all your keychain passwords?
While his vulnerability is patched now, I’ve found a new one, affecting macOS Mojave and lower.
More information can be found in my video:https://t.co/wBQL2s6v7z #OhBehaveHack #OhBehaveApple

— Linus Henze (@LinusHenze)

February 3, 2019

Looking at the video, it appears the ‘KeySteal’ app does not even require administrator privileges to execute the attack. The exploit is also claimed to work on macOS machines with System Integrity Protection enabled.

So far, it is not known if Apple is aware of the problem or not. Check out the following video and share your thoughts with us in the comments section.

Want to see more of our stories on Google?

P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!