Teen discovers password-pilfering flaw in Apple's macOS Mojave

guest · Feb 6, 2019

Teen discovers password-pilfering flaw in Apple's macOS Mojave
He tells the whole world but keeps Cupertino in the dark
February 6, 2019
https://www.theinquirer.net/inquirer/news/3070574/teen-finds-apple-macos-password-pilfering-flaw

Linus Henze, a German teenager and hobby hacker by the looks of it, found a vulnerability in Apple's latest version of macOS Mojave that leaves stored passwords open to pilfering by malicious apps

Henze discovered he could create an app that could read the data in macOS' keychain, which stores private password and keys, without the need for explicit privileges or admin access.
He created a proof-of-concept malware which could dig into the keychain data, noting that such malware could be hidden in a macOS app or behind a webpage as executable code, reported Forbes.

It's a pretty serious flaw, but at the time of writing, no fix looks to be in the works. That's because Henze hasn't informed Apple, as he explained to Forbes that there's no payment for disclosing his security discovery, so he won't flag it to Cupertino's engineers.
The problem seems to stem from Apple's bug bounty being invite-only, meaning non-pro white hats like Henze get left out in the cold.
Click to expand...

guest · Mar 3, 2019

Researcher who found macOS Keychain security hole is sharing details with Apple, even though company yet to promise macOS bug bounty program
March 3, 2019
https://9to5mac.com/2019/03/03/no-mac-os-bug-bounty-keychain-exploit-update/

Henze is obviously upset that his work will seemingly go unpaid, unless Apple changes its mind soon. Around the time that we originally covered the bug, Henze says that he received communication from Apple asking him to send them the details of the exploit. He said he would if he could get a commensurate payout for his findings

On February 8th, Henze sent Apple Security an email asking for an official statement as to why Apple is not offering a bug bounty program for Mac users.

[...] Attached is an image of what I wrote. pic.twitter.com/GcNv8VQISH
— Linus Henze (@LinusHenze) February 8, 2019
This email was also apparently ignored. It’s disappointing that Apple would not at least acknowledge that a macOS bug bounty program is in the works. With his stunts falling on seemingly deaf ears, he has now submitted an explanation of his exploit to Apple as he believes a critical patch is necessary to protect Mac users.
Click to expand...

zapjb · Mar 3, 2019

apple not going to pay the kid? Well ***** you apple.

guest · Jun 1, 2019

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack
June 1, 2019
https://www.wired.com/story/keysteal-apple-keychain-attack-shenanigans/

Dubbed KeySteal, the attack called attention to the fact that the macOS keychain makes a very attractive target for hackers. Apple patched the flaw that KeySteal was exploiting at the end of March.

Initially, Henze refused to share details of his hack with Apple, [...] Now, having eventually changed his mind and revealed it to Apple, he is also showing exactly how it works at the Objective by the Sea Mac security conference in Monaco this weekend.
While it's always possible someone else discovered and exploited the KeySteal vulnerability before Apple patched it, Henze says he thinks it's unlikely.

The KeySteal attack works by exploiting a flaw that is not in Apple’s keychain itself, but in a security service that facilitates connections between the keychain and other macOS applications.
"I hate to say it, but I really wasn’t particularly surprised by KeySteal," says Thomas Reed, a Mac research specialist at the security firm Malwarebytes. "I’ve seen plenty of attacks against the keychain, so although this one was a stealthy new technique, gaining access to passwords in the keychain is far from unheard of."
Click to expand...

Rasheed187 · Jun 1, 2019

mood said: ↑

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack
June 1, 2019
https://www.wired.com/story/keysteal-apple-keychain-attack-shenanigans/
Click to expand...

Clever attack, but it should have never been possible in the first place. Don't these company hire bug and exploit hunters?

Log in or Sign up

Teen discovers password-pilfering flaw in Apple's macOS Mojave

guest Guest

guest Guest

zapjb Registered Member

guest Guest

Rasheed187 Registered Member

Log in or Sign up

Teen discovers password-pilfering flaw in Apple's macOS Mojave

guest Guest

guest Guest

zapjb Registered Member

guest Guest

Rasheed187 Registered Member

Useful Searches