macOS
Apple
KeySteal
Henze
Sea Mac
Malwarebytes
iOS
CNMN Collection
Nast
Condé Nast
Linus Henze
Thomas Reed
program."Researchers
German
No matching tags
California Privacy Rights
Monaco
Safari
No matching tags
It does require tricking a target into downloading an app that secretly contains the malicious KeySteal exploit, but that’s a strategy hackers successfully use all the time.The KeySteal attack works by exploiting a flaw that is not in Apple’s keychain itself, but in a security service that facilitates connections between the keychain and other macOS applications. This way, if a program has a vulnerability, an attacker exploiting it still won't be able to get beyond its sandbox to do larger damage.Henze noticed that from within Safari, programs could talk to the security service that also manages the keychain to check things like passwords and web encryption certificates. "I’ve seen plenty of attacks against the keychain, so although this one was a stealthy new technique, gaining access to passwords in the keychain is far from unheard of."Henze, who just turned 19, points out that Apple's bug bounty is only for the most critical iOS flaws like kernel bugs and doesn't apply to a vulnerability like KeySteal in a macOS application.
As said here by Lily Hay Newman