Share your knowledge at the LQ Wiki.
Go Back > Forums > Other *NIX Forums > Other *NIX
User Name
Other *NIX This forum is for the discussion of any UNIX platform that does not have its own forum. Examples would include HP-UX, IRIX, Darwin, Tru64 and OS X.


  Search this Thread
Old 02-10-2019, 03:40 AM   #1
Registered: Jul 2018
Location: Paris
Distribution: macOS, Slackware
Posts: 803

Rep: Reputation: 281Reputation: 281Reputation: 281
KeySteal - Stealing your keychain passwords on macOS Mojave

In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions).
Without root or administrator privileges and without password prompts of course.

This is not the first time.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords.
While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.

I won't release this.
The reason is simple: Apple still has no bug bounty program (for macOS), so blame them.

Under #OhBehaveHack (yes, I really like the Austin Powers movies) I will release more videos showing vulnerabilities in the future.
#OhBehaveApple will be for vulnerabilities found in Apple products.
Maybe this forces Apple to open a bug bounty program at some time.
Old 02-10-2019, 10:04 PM   #2
Senior Member
Registered: Jun 2009
Location: Cascadia
Posts: 1,225

Rep: Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512
Good to know, as I also use the macOS.


0-day, keychain, macos, vulnerability

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to Make Ubuntu Look Like macOS Mojave 10.14 LXer Syndicated Linux News 0 02-09-2019 01:31 AM
No public feedback details for macOS Mojave on App Store l0f4r0 Other *NIX 3 11-04-2018 03:31 PM
[SOLVED] Reading from keychain failed with error: 'No keychain service available' folatt Linux - Newbie 2 12-30-2016 03:55 AM
Stealing website passwords dakramer Linux - Newbie 6 05-20-2009 05:27 AM
Dell 64Mb USB KeyChain robert_81 Linux - Newbie 15 09-04-2003 07:16 PM > Forums > Other *NIX Forums > Other *NIX

All times are GMT -5. The time now is 09:42 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration