Researcher details macOS vulnerability but refuses to share information with Apple

An 18-year-old German security researcher has published details of a serious vulnerability in macOS but refused to share the details with Apple as a protest against the company’s not having a bug bounty program. The researcher, Linus Henze, demonstrated the “KeySteal” vulnerability on video, claiming that it was a macOS Mojave exploit that allowed access to passwords stored in the Keychain. Keychain is the password management system app in macOS that holds encrypted passwords for services both from Apple and third parties such as social networking sites and apps.

Read full news article on SiliconANGLE