Just last week, a 14-year-old teenager from Arizona, United States had found a bug in FaceTime's group video calling feature that turned the iPhones running on iOS 12 into a spying device. And now, another teenager has discovered another bug in Apple's operating system that leaves the passwords stored in company's MacOS open to hackers.
According to a report by Forbes, Linus Henze, an 18-year-old security reseacher from Germany, has found a vulnerability in Apple's desktop-based operating system, MacOS Mojave, that leaves the passwords stored in the keychain open to be exploited by malicious apps. The exploit seems to be using a system's login and keychain to access the necessary, bypassing the need to require admin privileges. With vulnerability like that, malicious actors could use apps to extract login details to your financial accounts and other social media accounts.
The report noted that while the exploit doesn't seem to affect the iClouds keychain, however, if the iCloud account on your MacBook, iPhone or iPad are synced, the vulnerability could pose a threat to your connected devices as well.
What's concerning is that there seems to be no fix in the making for this vulnerabilty. In case you are wondering if Apple is not interested in fixing the vulnerability as soon as possible, the answer is that it is, or so it has been in the past. However, Henze seems to be in no mood to share the details of the bug with the Cupertino, California. But don't Henze yet, for he has a valid reason for keeping this findings a secret. And the reason is the company's bug bounty program.
Apple's bug bounty program works on an invite-only basis and it supports its mobile operating system, iOS, only. Under the circumstances, Henze has decided not to share the details with Apple as he believes that the company isn't fair to the researhers who painstakingly find the bugs and help in making its systems secure.
"It's like they don't really care about macOS...Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure," Henze told Forbes.
Instead, he is sharing the details of the hack with the world via a YouTube video.
Gloss