Security Specialist Linus Henzepublicly demonstrated that MacOS Mojave has a vulnerability that allows, without having administrator or superuser privileges, access to all logins and passwords stored in the Apple branded application for storing this confidential information - Keychain.
Via KeySteal, an application created forexploiting this vulnerability, Linus was able to access Keychain passwords on macOS Mojave 10.14.3. Failure affects only in local mode, not the information stored in iCloud. The only way to protect yourself is to include the password in Keychain or log out after a certain period of inactivity. Henze does not recommend using these parameters, since the user will have to deal with pop-up screens that will appear each time the application is launched.
The real solution for Apple is to release an update.systems, however, to begin with, the company's specialists will need to find a “hole”. The analyst stressed that he does not intend to share information about the bug with the company, since there is no reward program for finding vulnerabilities in macOS. Henze calls on his colleagues to do the same. At the moment, Apple offers only the amount of up to $ 200,000 for those who detect security errors in the mobile iOS.
Source: 9to5mac.com
Related articles
Google Pixelbook Go review: a worthwhile Chromebook- Hackers managed to hack Tesla Model 3 (3 photos)
- OnePlus concept smartphone responds to user's breath (video)
- Some ants can change the size of their brains. Why are they doing this?
- Privacy of correspondence, conversations and medical secrecy may be canceled in Russia
- Samsung Galaxy S10 5G - the first flagship with 5G and ToF (7 photos)
- MWC-2019: Nokia 1 Plus
- Electricity price for 4G and 5G base station. This Europe is on fire!
