Security specialist Linus Henze publicly demonstrated that macOS Mojave has a vulnerability that allows access, without administrator or superuser privileges, to all logins and passwords stored in Keychain, Apple's own application for storing this confidential information.
Using KeySteal, an application created to exploit this vulnerability, Henze was able to access Keychain passwords on macOS Mojave 10.14.3. The flaw affects only the local Keychain, not the information stored in iCloud. The only way to protect yourself is to protect the Keychain with a password or to log out after a certain period of inactivity. Henze does not recommend using these settings, since the user will have to deal with pop-up prompts that appear each time the application is launched.
The real solution is for Apple to release a system update; first, however, the company's specialists will need to find the “hole”. The analyst stressed that he does not intend to share information about the bug with the company, since there is no reward program for finding vulnerabilities in macOS. Henze calls on his colleagues to do the same. At the moment, Apple offers rewards of up to $200,000 only to those who find security flaws in its mobile operating system, iOS.