Security Researcher Discovers macOS Flaw, Refuses to Share Details with Apple

Security researcher Linus Henze has found a vulnerability in Apple’s macOS operating system that would allow an attacker to obtain user’s login and system passwords with the right tools.

The researcher demoed an app called “KeySteal” on YouTube (you can see it in action below), which appears to be capable of extracting login and system passwords from the macOS Keychain utility without the need of the administrator (root) password.

Linus Henze’s KeySteal app leverages a new macOS Keychain exploit, so it works even if the Access Control Lists (ACL) and System Integrity Protection (SIP) are not configured. But the good news is that this vulnerability doesn’t affect your iCloud Keychain credentials.

The Keychain exploit discovered by Linus Henze looks to affect the latest macOS Mojave 10.14 operating system series from version 10.14 to 10.14.3. However, the researcher refuses to share any details with Apple about his vulnerability in protest that the tech giant doesn’… (read more)

Source Link

Remember to like our Facebook and our twitter @macheatdotcom for a chance to win a free iPad Pro every month!

Quick Links: How To Install Steam On Mac | Download Mac Apps | Mac Games |  Download Rolex Watch Wallpapers

Juniya Sankara

Juniya Sankara

A web developer, programmer, MacOS fanatic. I also love comic books, sports and I enjoy researching history facts. My role on MacHeat.com is to make sure everything works 24/7.