
YouTuber Discovers Massive Security Flaw in Mac OS

Linus Henze, a German data security expert, has discovered a flaw in Apple's Mac OS that allows any user to steal passwords and any sensitive information from any Mac system.

Apple's Mac OS systems are under threat due to a security flaw in their authentication system. | Shutterstock

According to German security researcher Linus Henze, Apple’s macOS is vulnerable to a new zero-day. A zero-day vulnerability is a software security flaw that the vendor is aware of but has no patch in place to fix. As a result, it can easily be exploited by cybercriminals.

Speaking to German tech site Heise, Henze explained the nature of the vulnerability. He claimed that the security flaw gives a malicious app running on your Mac access to Keychain, the built-in password management system of macOS. This gives the app unhindered access to all stored passwords.

According to the security researcher, the exploit is so efficient that the malicious app does not require admin access to retrieve your passwords from Keychain.

Although Henze did not publish proof-of-concept code to support his claim, another reliable Apple security researcher confirmed it in a Forbes post. Former NSA analyst Patrick Wardle tested and confirmed the existence of the exploit. In a statement to Forbes, Wardle said:

“It’s a little disheartening that Apple can’t figure out how to secure the keychain. What’s the point of creating something to store all the most sensitive information on the system if that mechanism itself is consistently insecure.”

Rather than report the vulnerability to Apple, Henze simply went public with his YouTube video. When asked, the German security researcher cited the apparent absence of a bug bounty program as the reason.

While Apple offers an invite-only bounty program for iOS, it’s almost like the tech company doesn’t care about macOS, said Henze.

However, after the video started gaining media attention, Apple reached out to the researcher to ask for the details. But Henze declined, insisting that the company create a bug bounty for macOS before he would reveal anything.

In a statement to ZDNet, Linus Henze said:

“I really love Apple products, and I want to make them more secure. And the best way to make them more secure would be, in my opinion, if Apple creates a bug bounty program (like other big companies already have).”

Apple has not issued a statement yet. But since Linus Henze won’t disclose the details, we’re not expecting any fix from the company.

Until Apple figures it out, you may want to lock your MacBook away to keep your passwords safe.

 


Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.
