Critical Bug in the Apple macOS Keychain


A new Apple zero-day vulnerability in macOS allows an attacker to extract passwords from a targeted Mac’s Keychain password management system.

According to security researcher Linus Henze, the central Keychain of Apple macOS has a critical flaw that allows a manipulated app to read out passwords stored in the Keychain. He claims that the flaw exists in macOS Mojave v10.14.3 and lower. The vulnerability exists in the application’s access control and enables him to extract local keychain passwords without root or administrator privileges, and without password prompts.

A manipulated Mac app can access not only credentials, including passwords, but also other security-related data managed in the Keychain. According to the researcher, however, data in the iCloud Keychain is not affected by this vulnerability, as it works differently.

However, the researcher refuses to disclose the alleged vulnerability, citing Apple’s lack of a macOS bug bounty program. He said that he would not release more information about the proof-of-concept attack, which he dubbed “KeySteal,” because Apple’s bug bounty program is for iOS and does not reward vulnerability findings for macOS. Apple honors the work of security researchers only by naming them and saves a lot of money on bug bounties, which is sad for one of the richest companies, explains Henze.

Apple Keychain Access is the password management app in macOS, which holds various encrypted passwords for services such as Facebook and Twitter. It was introduced with Mac OS 8.6 and has been included in all subsequent versions of Mac OS, now known as macOS. A Keychain can contain various types of data: passwords, private keys, certificates, and secure notes.