Researcher Gives Apple Details of macOS Keychain Security Flaw Despite No Mac Bug Bounty Program

by

A German teenager who discovered a macOS Keychain security flaw last month has now shared the details with Apple, after having initially refused to hand them over because of the company's lack of a bug bounty program for the Mac.


Eighteen-year-old Linus Henze dubbed the zero-day macOS vulnerability he found "KeySteal," which, as demoed in the video above, can be used to disclose all sensitive data stored in the Keychain app.

Henze said he decided to reveal the details to Apple because the bug "is very critical and because the security of macOS users is important to me."


After Henze released the video in early February, Apple's security team reached out to him, but the researcher said he wouldn't disclose the details without a cash reward, arguing that discovering the vulnerabilities takes time.

"Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."

Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.

Tags: Apple Security, Exploit

Top Rated Comments

GaryMumford Avatar
GaryMumford
67 months ago
He probably cares more about the Mac OS as platform than Apple do
Score: 71 Votes (Like | Disagree)
StellarVixen Avatar
StellarVixen
67 months ago
He probably cares about Mac OS as platform, and wants to see bugs fixed.


Thank you, Linus.


Now, Apple, listen to the people, and start bug bounty program.
Score: 68 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
67 months ago
Get a bounty program for Macs. This is not a good look for Apple. There's no reason to have a program for iOS and not MacOS.
Score: 33 Votes (Like | Disagree)
sofila Avatar
sofila
67 months ago
I can't really imagine a way for blaming him and his behaviour, but I'm sure this forum won't let me disappointed
Score: 28 Votes (Like | Disagree)
chrono1081 Avatar
chrono1081
67 months ago
It’s great that Apple values our privacy, but the lack of security makes all that effort pretty much useless. I think we’ve seen more critical security bugs from Apple than from any other major company.
I'm sorry but this is just BS. I used to support Windows environments for a living, what you see on Mac is literally nothing compared to what you see on Windows.
Score: 22 Votes (Like | Disagree)
loby Avatar
loby
67 months ago
Maybe there is too many bugs in MacOS that Tim would lose to much money on the deal...
Score: 18 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article265 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article406 comments
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Read Full Article63 comments
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article214 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article