June 22, 2024
Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]

Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]

Posted February 6, 2019 at 9:13pm by iClarified
Hacker Linus Henze has discovered a zero-day exploit that allows for the extraction of all keychain passwords on macOS Mojave; however, he says the vulnerability will not be disclosed to Apple until the company launches a macOS bug bounty program.

The exploit was demonstrated in a video posted to YouTube.

In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.

Henze notes that this is not the first time this type of exploit has been found.

You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.

The hacker hopes his video will force Apple to launch a bug bounty program for macOS.

I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them. ... Maybe this forces Apple to open a bug bounty program at some time.

Take a look at the video below...

Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
iClarified Icon
Would you like to be notified when we post a new Apple news article or tutorial?
Comments (1)
You must login or register to add a comment...
1reader - February 6, 2019 at 9:24pm
Now what?
Recent. Read the latest Apple News.
Tutorials. Help is here.
Where to Download macOS Monterey
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.