Yet another non-root password-stealing bug on Apple (Apple _never_ tests
products sufficiently - and doesn't even KNOW what this bug is yet!)
FACT:
*Yet again, Apple doesn't even do the _bare minimum_ of product testing!*
In yet another of extremely many and consistently repetitive examples that
Apple doesn't sufficiently test software for security & privacy
vulnerabilities, today this is reported by The Register & by the BBC:
*Apple doesn't even _know_ this zero-day bug exists*!
o Where you basically own the Mac without even being root!
"The bloke who found a password-spaffing bug in macOS says
he won't divulge details on the flaw to Apple until the tech titan
agrees to properly compensate vulnerability researchers."
"Germany-based freelance bug-hunter Linus Henze says the
security weakness can be exploited by malware and other
dodgy apps running on a Mac to harvest passwords, private
keys, and tokens from the victim's keychain. Ideally, programs
shouldn't be able to snatch your Facebook or GitHub login
details, for example. Here's a video demonstrating the flaw
on the most recent version of macOS:"
<https://youtu.be/nYTBZ9iPqsU>
"In this video, I'll show you a zero-day exploit that allows me to
extract all your (local) keychain passwords on macOS Mojave, and
lower versions," Henze wrote in the vid description. "Without root or
administrator privileges, and without password prompts, of course."
"While the vulnerability has been checked and verified by noted
Mac security guru Patrick Wardle, after he obtained a copy of Henze's
exploit, details of the shortcoming are not publicly known - not even
to Apple."
Since the Apple Apologists deny all facts out of hand they don't like, see:
<https://www.theregister.co.uk/2019/02/07/mac_0day_disclosure/>
<https://www.bbc.com/news/technology-47169462>
etc.
This is oddly reminiscent of this bug of about a year or so ago, which yet
again, time and again, proves Apple doesn't even do the most minimal of
testing for security or privacy since what matters to Apple isn't the
product but the IMAGE of the product (so, who needs testing until the shit
hits the fan?).
o Anyone can hack into MacOS High Sierra simply by typing "root"!
<https://www.wired.com/story/macos-high-sierra-hack-root/>
FACT:
*Yet again, Apple doesn't even do the _bare minimum_ of product testing!*