There's a Mac vulnerability that could leave passwords vulnerable to malicious apps. But, Apple can't fix it because the hacker that found it won't tell them how. Not until he gets paid, and not until Apple sets up a bounty program so all Mac security researchers will be paid.
Now German 18-year-old Linus Henze has uncovered a vulnerability affecting the latest Apple macOS that leaves stored passwords open to malicious apps. That could include logins for your bank website, Amazon, Netflix, Slack and many more apps. And even though this is a Mac-only bug, if you're using the iCloud keychain, passwords synced across iPhones and Macs may also be in danger.
To make matters worse, it's likely that no fix is in the works. Henze isn't disclosing his findings to Apple, telling Forbes the lack of payment for such research was behind his decision to keep the hack's details secret from the Cupertino giant.
That Apple still hasn't launched a Mac bounty program to go along with its existing iOS bounty program isn't just perplexing, as a customer I find it utterly unacceptable. But Henze, who has previously dropped 0day vulnerabilities on the Mac community, wrongdoing here won't make that right.
Disclose, then, in the publicity that follows, tear into Apple for not having that program launched already. (Apple has all but said outright that they're working on it.) Tech pubs would like nothing more than to plaster that headline across the internet and get all the attention needed to push Apple into action.
But, other people could have discovered this vulnerability as well and holding it hostage to extort a bounty is just unconscionable.
We may earn a commission for purchases using our links. Learn more.
Apple's market cap surpasses value of Germany's entire DAX index
Apple's share price has jumped in pre-market trading, pushing Apple's market cap value past that of Germany's entire DAX index.
Dropbox for iPhone and iPad has been updated to support dark mode
Popular cloud storage app Dropbox has now updated its iPhone and iPad app to support dark mode.
iPhone 11 was the best seller each and every week of the holiday quarter
Apple held its quarterly earnings call yesterday and it turns out tons of people bought iPhone 11.
Keep thieves' hands off your MacBook with a reliable laptop lock
Deter potential MacBook thieves with one of these locks on your MacBook.