Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest

Benjamin Mayo, 9to5Mac:

Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain. However, he has said he is not sharing his findings with Apple out of protest.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility.

However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

As Apple explores changes to its bug reporting process, this should join the FaceTime eavesdropping bug as case studies for how information like this flows back to Apple.