Linus Henze has informed Apple of all details regarding a bug he discovered in the macOS Keychain security software and has done so without payment from the company. He previously withheld the information in protest of the company’s lack of a Bug Bounty for Mac, but now says the problem is too important to keep to himself.
To get latest Technology News, Like this page:- https://fb.com/TechGuruWeb
German teenager Linus Henze has sent Apple full details of
The 18-year-old had discovered a macOS bug that could allow apps to see passwords held in Mojave’s Keychain security feature. He developed an app he called KeySteal to demonstrate it, but originally refused to inform Apple. Henze was protesting against the fact that Apple has no Bug Bounty program for macOS the way it does for iOS.
“I’m willing to immediately submit you the full details – including a patch,” he said in an email to the company dated Feb. 5. “If an official Apple representative sends me an official (and reasonable!) statement why Apple does not have nor wants to create a Bug Bounty program for macOS.”
Apple did reach out to Henze to ask about his discovery, but not to discuss his demands. On Feb. 8, he emailed again, re-stating his conditions, but seemingly got no response.