Hacker discovers a MacOS exploit that is able to access system passwords

Security researcher Linus Henze recently uncovered a vulnerability within MacOS Mojave that allows an unauthorized application to steal passwords from both your Mac’s ‘login’ and ‘system’ Keychains. As macOS’ password management system, Keychain has been implemented since Mac OS 8.6, keeping user’s most important data safe and secure; however, as of late it doesn’t seem to be doing the job. A similar exploit was discovered and patched in 2017, but now Henze’s discovery, which he names KeySteal, is currently still within MacOS and available for hacker exploit.

KeySteal can access and view a system’s Keychains without requiring any permission from the user. Such action is typically protected by an administrator password needing to be entered before an application is granted access to a single part of the Keychain. The exploit itself needs to be launched when a user is logged in and could be extremely dangerous if unsuspectingly downloaded. The exploit completely bypasses security measures from Apple such as the company’s T2 security chip, and thus are entirely ineffective.

Henze’s KeySteal exploit has not been clearly explained from a technical level; he keeps the knowledge away from the public to prevent causing widespread security issues, but he has also held it from Apple. One point that has been routinely cited by MacOS security researchers is that Apple doesn’t offer a bounty for exploits as it does with its iOS platform. Thus, security researchers who spend their time discovering exploits are not rewarded for their work. It is common practice to pay security researchers for finding bugs and other exploits, putting Apple’s stance with MacOS in a unique position.

As of this moment, Apple has not commented on the exploit, nor has it issued a patch securing the vulnerability. Thus, users concerned about the KeySteal exploit should continue to follow safe security practices when downloading content from the web — not acquiring content from unknown sources and not running any applications that are unfamiliar. The previous exploit took Apple about two weeks to patch, but the researcher, Patrick Wardle, provided the company with detailed information, thus it is called into question how long it will take Apple to discover the current issue before offering the update.

Computing

Why limit yourself to one OS? Try one of these great virtual machine apps

Buying a new computer just because you want to utilize another operating system isn't necessary. Just use the best virtual machine applications to emulate one OS inside another, no matter what your platform or budget is.
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.
Computing

Speed up your system by tweaking the startup application in Windows and MacOS

Bothered by programs that automatically start when you boot your computer, or want to add a new one to the list? Here's how to change your startup programs in Windows 7, 8, and 10, along with Apple's MacOS.
Computing

These 30 useful apps are absolutely essential for Mac lovers

There are literally hundreds of thousands of great software programs compatible with MacOS, but which should you download? Look no further than our list of the best Mac apps you can find.
Web

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.
Computing

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.
Computing

Decades-old Apple IIe computer found in dad’s attic, and it still works

A New York law professor went viral last weekend after he discovered an old Apple IIe computer sitting in his dad's attic. In a series of tweets, he showed that the vintage machine still works perfectly fine after 30 years.
Computing

Logitech’s G MX518 gaming mouse pairs classic looks with all-new tech

Logitech is relaunching one of its most popular classic gaming mice, the MX518. Now called the G MX518, it sports upgraded internals that give it a 16,000 DPI optical sensor and new and improved memory.
Computing

Microsoft could be planning a laptop with foldable screen, hints patent filing

Filed in late 2017 and titled "Bendable device with Display in Movable Connection With Body," the patent filing explains a new mechanism for laptops which can eliminate a hinge and allow the screen to fold shut from the inside,
Deals

From Chromebooks to MacBooks, here are the best laptop deals for February 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Deals

Here are the best Chromebook deals available in February 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…
Computing

RTX might be expensive, but the 16 series could have the best Nvidia Turing GPUs

Set to debut at a step below the RTX 2060 on the price and performance spectrums, the GTX 1660 Ti and its other 16-series brethren could be Nvidia's killer mid-range cards of 2019 — especially with Tensor Core-powered DLSS.
Computing

Ryzen 3000 chips will be powerful, and they might be launched as early as July

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far, based on both leaks and the recent…