German Researcher Gives Apple Details of Mojave Keychain Flaw, Despite no Bug Bounty

LONDON – Security researcher Linus Henze handed over all the detail of a macOS Keychain bug he discovered, AppleInsider reported. This is despite not receiving any money from Apple. The company does not have a bug bounty program. Mr. Henze had previously withheld the information. He wanted Apple to start offering a bug bounty for security flaws researchers bring them. He discovered an exploit which allowed apps to see passwords held in the macOS Mojave keychain.
German teenager Linus Henze has sent Apple full details of a Keychain security exploit that he demonstrated in early February, and has done so despite the company ignoring his previous conditions. Henze says that he has decided to reveal the details to Apple because the bug he’s found “is very critical and because the security of macOS users is important to me.”