In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple’s protected keychain. “You know, the ones ‘securely’ stored so that no one can steal them :)” he wrote. Dubbed KeySteal, the attack called attention to the fact that the macOS keychain makes a very attractive target for hackers. Apple patched the flaw that KeySteal was exploiting at the end of March.
Initially, Henze refused to share details of his hack with Apple, telling media outlets that it was because the company does not have a bug bounty program for macOS. Now, having eventually changed his mind and revealed it to Apple, he is also showing exactly how it works at the Objective by the Sea Mac security conference in Monaco this weekend.
“I think the keychain is really good, because it’s way better storing your passwords in the keychain than to reuse all your passwords,” Henze told WIRED ahead of his talk. “But I show how I exploited the keychain, how I found the bug, and how the full exploit works. I think the vulnerability has been in macOS for a long time, maybe five years or perhaps more.”
MacDailyNews Take: Thanks to Henze, Apple’s Keychain is more secure today!
Apple should have a bug bounty program for macOS. Hopefully, they’ll unveil it at WWDC on Monday.