The researcher demoed an app called “KeySteal” on YouTube (you can see it in action below), which appears to be capable of extracting login and system passwords from the macOS Keychain utility without the need of the administrator (root) password.
Linus Henze’s KeySteal app leverages a new macOS Keychain exploit, so it works even if the Access Control Lists (ACL) and System Integrity Protection (SIP) are not configured. But the good news is that this vulnerability doesn’t affect your iCloud Keychain credentials.
The Keychain exploit discovered by Linus Henze looks to affect the latest macOS Mojave 10.14 operating system series from version 10.14 to 10.14.3. However, the researcher refuses to share any details with Apple about his vulnerability in protest that the tech giant doesn’… (read more)
Source link
Remember to like our Facebook and follow us on Twitter @iOSMode for a chance to win a free iPad Pro every month!
Quick Links: Download iPhone & iPad Wallpapers | Download iOS Games | Download iOS Apps