KeySteal exploit can steal macOS Keychain user passwords. Over the weekend, a German security researcher published a video showing a new zero-day affecting Apple's macOS desktop operating system.
In an interview with the German tech site Heise, security researcher Linus Henze says the vulnerability allows a malicious application running on a macOS system to access passwords stored in the Keychain, the password management system built into all distributions of macOS.
The exploit is highly efficient because the malicious app does not need admin access to retrieve passwords from the user's keychain file, and it can even retrieve the contents of other keychain files that store passwords for other macOS users.
Henze has not published proof-of-concept code to support his finding, only a YouTube video, but a well-respected Apple security researcher confirmed in today’s Forbes article that the exploit exists and works as described in the interview with the German news website. Henze did not report the vulnerability to Apple before going public with his video.
The main reason he cited was the company’s lack of a bug bounty program for macOS. Apple runs bug bounty programs for other products, but not for macOS. Speaking to ZDNet, Henze said Apple’s security team reached out yesterday after his research began to attract media attention.
The Apple security team asked for more details, but he declined unless they started a bug bounty program for macOS and rewarded security researchers for the bugs found in macOS. “Even if it looks like I’m just doing it for money, in this case it’s not my motivation,” Henze told ZDNet today.
“My motivation is to get Apple to create a bug bounty program. I think it’s the best for Apple and researchers.” “I really love Apple products, and I want to make them safer, and I think the best way to make them safer is if Apple creates a bug bounty program (as other big companies already have),” the researcher told us. Before the publication of this article, an Apple spokesperson did not return a ZDNet request for comment.
Henze’s macOS zero-day, which he calls KeySteal, is somewhat similar to another macOS zero-day called KeychainStealer, which Patrick Wardle discovered in September 2017. Coincidentally, Wardle is the independent Apple security expert who confirmed Henze’s zero-day for Forbes today.