![Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]](/images/news/69446/338888/338888-64.png "Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]")
Hacker Discovers Zero-day Exploit That Allows for Extraction of All Passwords on macOS Mojave [Video]
Posted February 6, 2019 at 9:13pm by
Shalom Levytam
Hacker Linus Henze has discovered a zero-day exploit that allows for the extraction of all keychain passwords on macOS Mojave; however, he says the vulnerability will not be disclosed to Apple until the company launches a macOS bug bounty program.
The exploit was demonstrated in a video posted to YouTube.
In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.
Henze notes that this is not the first time this type of exploit has been found.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.
The hacker hopes his video will force Apple to launch a bug bounty program for macOS.
I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them. ... Maybe this forces Apple to open a bug bounty program at some time.
Take a look at the video below...
The exploit was demonstrated in a video posted to YouTube.
In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.
Henze notes that this is not the first time this type of exploit has been found.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.
The hacker hopes his video will force Apple to launch a bug bounty program for macOS.
I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them. ... Maybe this forces Apple to open a bug bounty program at some time.
Take a look at the video below...
![Apple Expands John Ternus' Role to Oversee Design in Latest Sign of CEO Succession [Report]](/images/news/99718/99718/99718-160.jpg "Apple Expands John Ternus' Role to Oversee Design in Latest Sign of CEO Succession [Report]")
![Apple Shares Trailer for 'Top Dogs' Immersive Docuseries on Vision Pro [Video]](/images/news/99713/99713/99713-160.jpg "Apple Shares Trailer for 'Top Dogs' Immersive Docuseries on Vision Pro [Video]")
![Apple Exploring AirTag-Sized AI Wearable With Cameras and Microphones [Report]](/images/news/99708/99708/99708-160.jpg "Apple Exploring AirTag-Sized AI Wearable With Cameras and Microphones [Report]")
![Apple to Transform Siri Into ChatGPT-Like AI Chatbot in iOS 27 [Report]](/images/news/99705/99705/99705-160.jpg "Apple to Transform Siri Into ChatGPT-Like AI Chatbot in iOS 27 [Report]")
![Apple's Internal AI Tools Show How the Company Is Testing Its Next-Gen Models [Report]](/images/news/99703/99703/99703-160.jpg "Apple's Internal AI Tools Show How the Company Is Testing Its Next-Gen Models [Report]")
![Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]](/images/news/99716/99716/99716-160.jpg "Apple's 13-Inch M5 iPad Pro (1TB) Hits New All-Time Low at $1,706 [Deal]")
![Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]](/images/news/99684/99684/99684-160.jpg "Apple Pro Display XDR Drops to $3,999 With Massive $1,000 Discount [Deal]")
![Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]](/images/news/99680/99680/99680-160.jpg "Beats iPhone 17 Pro Kickstand Case Drops to $20.99, 64% Off [Deal]")
![Roku 55-inch 4K Smart TV Drops to $278 With AirPlay and Apple TV App [Deal]](/images/news/99674/99674/99674-160.jpg "Roku 55-inch 4K Smart TV Drops to $278 With AirPlay and Apple TV App [Deal]")
