Researcher Reveals a Severe, Unpatched Mac Password Flaw To Protest Apple Bug Bounty
Wednesday February 6, 2019. 05:45 PM , from Slashdot/Apple
While the demo is run on a 2014 MacBook Pro without Apple's latest security chips, Henze says that it works 'without root or administrator privileges and without password prompts, of course.' It appears to work on the Mac's login and system keychains, but not iCloud's keychain. Generally, white hat security researchers publicly reveal flaws like this only after informing the company and giving it ample time to fix the issues. But Henze is refusing to assist Apple because it doesn't offer paid bug bounties for macOS.
Read more of this story at Slashdot.
Feb, Sun 17 - 17:44 CET