Skip to main content

Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple

posted onFebruary 6, 2019
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts.

All the data stored in the macOS Keychain app is encrypted by default, blocking other users or third-party apps from gaining access to it without proper permissions.

The vulnerability found by Henze in Apple's macOS operating system last week is present "in the keychain's access control" and it could allow a potential attacker to steal Keychain passwords from any local user account on the Mac, without the need of admin privileges nor the keychain master password. According to the researcher, the zero-day he found works "as long as the keychain is unlocked (which it usually is as long as you’re logged in), except for the System keychain - containing WiFi passwords etc. - which may be locked."

Source

Tags

Security Apple

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th