LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Other *NIX
User Name
Password
Other *NIX This forum is for the discussion of any UNIX platform that does not have its own forum. Examples would include HP-UX, IRIX, Darwin, Tru64 and OS X.

Notices


Reply
  Search this Thread
Old 02-10-2019, 04:40 AM   #1
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: macOS, Slackware
Posts: 786

Rep: Reputation: 270Reputation: 270Reputation: 270
KeySteal - Stealing your keychain passwords on macOS Mojave


https://www.youtube.com/watch?v=nYTBZ9iPqsU

Quote:
In this video, I'll show you a 0day exploit that allows me to extract all your (local) keychain passwords on macOS Mojave (and lower versions).
Without root or administrator privileges and without password prompts of course.

This is not the first time.
You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords.
While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave.

I won't release this.
The reason is simple: Apple still has no bug bounty program (for macOS), so blame them.

Under #OhBehaveHack (yes, I really like the Austin Powers movies) I will release more videos showing vulnerabilities in the future.
#OhBehaveApple will be for vulnerabilities found in Apple products.
Maybe this forces Apple to open a bug bounty program at some time.
 
Old 02-10-2019, 11:04 PM   #2
JWJones
Senior Member
 
Registered: Jun 2009
Location: Cascadia
Posts: 1,213

Rep: Reputation: 501Reputation: 501Reputation: 501Reputation: 501Reputation: 501Reputation: 501
Good to know, as I also use the macOS.
 
  


Reply

Tags
0-day, keychain, macos, vulnerability


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to Make Ubuntu Look Like macOS Mojave 10.14 LXer Syndicated Linux News 0 02-09-2019 02:31 AM
No public feedback details for macOS Mojave on App Store l0f4r0 Other *NIX 3 11-04-2018 04:31 PM
[SOLVED] Reading from keychain failed with error: 'No keychain service available' folatt Linux - Newbie 2 12-30-2016 04:55 AM
Stealing website passwords dakramer Linux - Newbie 6 05-20-2009 06:27 AM
Dell 64Mb USB KeyChain robert_81 Linux - Newbie 15 09-04-2003 08:16 PM

LinuxQuestions.org > Forums > Other *NIX Forums > Other *NIX

All times are GMT -5. The time now is 09:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration