Teenager Finds MacOS Exploit That Steals Password From the Keychain →

February 8, 2019 · 11:57 · Wojtek Pietrusiewicz

Thomas Brewster, writing for Forbes:

[…] German 18-year-old Linus Henze has uncovered a vulnerability affecting the latest Apple macOS that leaves stored passwords open to malicious apps. That could include logins for your bank website, Amazon, Netflix, Slack and many more apps. And even though this is a Mac-only bug, if you’re using the iCloud keychain, passwords synced across iPhones and Macs may also be in danger.

To make matters worse, it’s likely that no fix is in the works. Henze isn’t disclosing his findings to Apple, telling Forbes the lack of payment for such research was behind his decision to keep the hack’s details secret from the Cupertino giant.

This is bad and while I understand why he doesn’t want to disclose it to Apple, all MacOS users are susceptible to a security breach.


Related posts

  1. Vulnerability in Safari Allowed Unauthorized Websites to Access iOS and macOS Webcams Ryan Pickren: This vulnerability allowed malicious websites to masquerade as trusted websites when viewed on Desktop...
  2. Repair File Sharing After Security Update 2017-001 for macOS High Sierra 10.13.1 Apple pushed a security update for the huge High Sierra vulnerability...
  3. IOHIDeous — Mac 0day Siguza: This is the tale of a macOS-only vulnerability in IOHIDFamily...
  4. UAE Used Cyber Super-Weapon to Spy on iPhones of Foes Joel Schectman, for Reuters: The ex-Raven operatives described Karma as a tool...
  5. Hackers Are Passing Around a Megaleak of 2.2 Billion Records Andy Greenberg, reporting for Wired: When hackers breached companies like Dropbox and LinkedIn...
  6. Facebook Demanding Some New Users’ Email Passwords Kevin Poulsen: Just two weeks after admitting it stored hundreds of...
  7. SIM Swap Horror Story: I’ve Lost Decades of Data and Google Won’t Lift a Finger Matthew Miller, on ZDNet: First they hijacked my T-Mobile service, then...
  8. Apple Mail Stores Encrypted Emails in Plain Text Database (Fix Included!) Bob Gendler: The main thing I discovered was that the snippets.db database...
  9. How Rob Lost Control of His Bank Accounts to a Phone Scammer Rob Griffiths, on Robservatory: Yesterday, instead of having a productive afternoon at home,...
  10. Hacker Decrypts Apple’s Secure Enclave Processor Firmware iClarified: Hacker xerub has posted the decryption key for Apple’s Secure...

Powered by zenbox.pl

Chcesz zwrócić mi na coś uwagę lub skomentować? Zapraszam na @morid1n.

Comments are closed.