An 18year-old, German researcher (Linus Henze) has found a serious, zero day password leak vulnerability in macOS’s key store, but he refuses to share the technical details with Apple. Turns out, Apple only offers iOS bug bounties, not macOS ones, and this researcher is protesting that fact. Watch the video below to learn more about this critical vulnerability, and where my allegiance stands in this vulnerability disclosure drama.
Show note: We are back to our good equipment and decent audio. Sorry for the temporary drop in production quality the last few videos.
Episode Runtime: 3:32
Direct YouTube Link: https://www.youtube.com/watch?v=IKng9oy1XB8
EPISODE REFERENCES:
- Young researcher not sharing tech detail about his KeySteal vulnerability – Engadget
- Critical macOS vulnerability allows attackers to steal passwords from Keychain – MacRumors
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply