macOS Keychain Access failure

February 6, 2019.


KeySteal. © Linus Henze.

Cybersecurity specialist Linus Henze has discovered a major security flaw in the Keychain Access application on macOS Mojave, the application responsible for protecting all your login credentials and sensitive information (passwords, certificates, secure notes, etc.). This flaw allows access to all passwords without requiring an administrator password, which is alarming.

In addition, the expert explains that he has no intention of revealing the details of the flaw to Apple, as a means of expressing his displeasure that there is no “bug bounty” (a reward program for those who discover a vulnerability) for macOS, while one exists for iOS. He also encourages other researchers to publicize the security issues they discover in order to put pressure on Apple to offer a suitable bug bounty for macOS. “Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we’re helping Apple to make their product more secure,” he contends.

