Skip to main content

Hacker discovers a MacOS exploit that is able to access system passwords

Security researcher Linus Henze recently uncovered a vulnerability within MacOS Mojave that allows an unauthorized application to steal passwords from both your Mac’s ‘login’ and ‘system’ Keychains. As macOS’ password management system, Keychain has been implemented since Mac OS 8.6, keeping user’s most important data safe and secure; however, as of late it doesn’t seem to be doing the job. A similar exploit was discovered and patched in 2017, but now Henze’s discovery, which he names KeySteal, is currently still within MacOS and available for hacker exploit.

KeySteal can access and view a system’s Keychains without requiring any permission from the user. Such action is typically protected by an administrator password needing to be entered before an application is granted access to a single part of the Keychain. The exploit itself needs to be launched when a user is logged in and could be extremely dangerous if unsuspectingly downloaded. The exploit completely bypasses security measures from Apple such as the company’s T2 security chip, and thus are entirely ineffective.

Henze’s KeySteal exploit has not been clearly explained from a technical level; he keeps the knowledge away from the public to prevent causing widespread security issues, but he has also held it from Apple. One point that has been routinely cited by MacOS security researchers is that Apple doesn’t offer a bounty for exploits as it does with its iOS platform. Thus, security researchers who spend their time discovering exploits are not rewarded for their work. It is common practice to pay security researchers for finding bugs and other exploits, putting Apple’s stance with MacOS in a unique position.

As of this moment, Apple has not commented on the exploit, nor has it issued a patch securing the vulnerability. Thus, users concerned about the KeySteal exploit should continue to follow safe security practices when downloading content from the web — not acquiring content from unknown sources and not running any applications that are unfamiliar. The previous exploit took Apple about two weeks to patch, but the researcher, Patrick Wardle, provided the company with detailed information, thus it is called into question how long it will take Apple to discover the current issue before offering the update.

Editors' Recommendations

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Apple fixed one of my biggest macOS gripes with Sonoma — but I still want more
Federighi talking about Continuity Camera.

Apple’s macOS Sonoma update has just been launched and, let’s be honest here, it’s a pretty modest upgrade (probably thanks to the work required on the Vision Pro’s software). Still, when Apple unveiled Sonoma a few months ago, there was one feature that got me excited: Continuity Camera.

This nifty tool lets you use your iPhone as a high-quality webcam. Sure, it actually debuted with macOS Ventura, but this year we’ve got much more control over how it works. Sliders! Toggles! Yes, it’s all here.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more