![Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]](/images/news/69446/338888/338888-64.png "Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]")
Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]
Posted February 6, 2019 at 9:13pm by
Shalom Levytam
Hacker Linus Henze has discovered a zero-day exploit that allows for the extraction of all keychain passwords on macOS Mojave; however, he says the vulnerability will not be disclosed to Apple until the company launches a macOS bug bounty program.
The exploit was demonstrated in a video posted to YouTube.
In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.
Henze notes that this is not the first time this type of exploit has been found.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.
The hacker hopes his video will force Apple to launch a bug bounty program for macOS.
I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them. ... Maybe this forces Apple to open a bug bounty program at some time.
Take a look at the video below...
The exploit was demonstrated in a video posted to YouTube.
In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.
Henze notes that this is not the first time this type of exploit has been found.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.
The hacker hopes his video will force Apple to launch a bug bounty program for macOS.
I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them. ... Maybe this forces Apple to open a bug bounty program at some time.
Take a look at the video below...
![Apple Shares Behind-the-Scenes Look at Titan X in 'Monarch: Legacy of Monsters' [Video]](/images/news/100205/100205/100205-160.jpg "Apple Shares Behind-the-Scenes Look at Titan X in 'Monarch: Legacy of Monsters' [Video]")
![MacBook Neo Teardown Reveals a Surprisingly Modular, Glue-Free Design [Video]](/images/news/100203/100203/100203-160.jpg "MacBook Neo Teardown Reveals a Surprisingly Modular, Glue-Free Design [Video]")
![Apple Orders 12GB LPDDR5X RAM From Samsung for Foldable iPhone [Report]](/images/news/100202/100202/100202-160.jpg "Apple Orders 12GB LPDDR5X RAM From Samsung for Foldable iPhone [Report]")
![Apple's Foldable iPhone to Feature iPad-Like Interface With Side-by-Side Apps [Report]](/images/news/100199/100199/100199-160.jpg "Apple's Foldable iPhone to Feature iPad-Like Interface With Side-by-Side Apps [Report]")
![Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]](/images/news/100206/100206/100206-160.jpg "Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]")
![Apple's New M4 iPad Air is Already on Sale for $559 Ahead of Launch [Deal]](/images/news/100174/100174/100174-160.jpg "Apple's New M4 iPad Air is Already on Sale for $559 Ahead of Launch [Deal]")
![Apple AirPods 4 (ANC) Back On Sale for $119 [Deal]](/images/news/100103/100103/100103-160.jpg "Apple AirPods 4 (ANC) Back On Sale for $119 [Deal]")
![Apple's Official iPhone Crossbody Strap Drops to Just $23.71 (60% Off) [Deal]](/images/news/100069/100069/100069-160.jpg "Apple's Official iPhone Crossbody Strap Drops to Just $23.71 (60% Off) [Deal]")
