author photo
By SecureWorld News Team
Tue | Mar 26, 2019 | 10:13 AM PDT

Apple released a software update yesterday covering a range of its products, addressing 51 security bugs in total. 

Naked Security reports:

The news among 38 patches in macOS Mojave users is that 10.14.4 (Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra) addresses the KeySteal flaw, a bug that was announced but not disclosed to Apple by 18-year-old German researcher, Linus Henze, in early February.

Similar to a previous flaw called keychainStealer, this could have allowed a malicious app to drain passwords out of Apple’s Keychain password manager.

Initially Henze said he was going to keep the flaw to himself as a protest over the fact that Apple doesn’t reward researchers with bounties for macOS vulnerabilities.

Some days later, he relented and decided to send the bug details to Apple anyway.

Comments