September 27, 2020

Researcher who discovered the macOS keychain vulnerability decides to disclose all details to Apple

Without any reward from Apple, Linus Henze has decided to report to Apple a serious bug in the macOS keychain security software. He had previously withheld the details of the bug to protest Apple's lack of a Bug Bounty program for the macOS platform, but he now thinks the problem is too serious to keep to himself.

Although Apple ignored all the conditions he had previously proposed, the researcher from Germany showed Apple all the details of the keychain security flaw in early February. Henze said he decided to disclose all the details to Apple because he considers the bug very critical and because the security of macOS users is very important to him.

macOS keychain vulnerability

In a demo video released in early February, he showed that a malicious attacker could exploit the vulnerability to collect all sensitive data on a Mac device without administrator privileges (or an administrator password).