Apple released a software update yesterday covering a range of its products, addressing 51 security bugs in total.
Naked Security reports:
The news among 38 patches for macOS Mojave users is that 10.14.4 (Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra) addresses the KeySteal flaw, a bug that was announced but not disclosed to Apple by 18-year-old German researcher, Linus Henze, in early February.
Similar to a previous flaw called keychainStealer, this could have allowed a malicious app to drain passwords out of Apple’s Keychain password manager.
Initially Henze said he was going to keep the flaw to himself as a protest over the fact that Apple doesn’t reward researchers with bounties for macOS vulnerabilities.
Some days later, he relented and decided to send the bug details to Apple anyway.