Researcher Demos Keychain Exploit But Refuses To Help Apple

A security researcher posted a video of a piece of malware he developed that could be used to access parts of a Mac’s Keychain. However, instead of informing Apple of the issue and how to reproduce it so that Apple can fix it, he is holding back in protest, since Apple does not offer bounties for reporting such bugs on macOS.

The exploit itself, while it sounds scary, appears to require that malware be downloaded and installed on the Mac, which would mean the machine is compromised with or without this exploit. In addition, it can only access local Keychain items, and not the iCloud Keychain, which is where users usually store sensitive information like passwords.