When Apple introuduced it’s bug-bounty program they only opened it up for iOS and not MacOS, and now a new exploit has been discovered by Security researcher Linuz Henze.
Henze has discovered several iOS exploits in the past however out of frustration with Apple’s lack of bug bounty for MacOS, he is refusing to share the exploit with Apple.
The demo can be viewed here. Henze says the KeySteal demo app which does not require administrator privileges to execute the attack.
Henze also states that it does not matter if Access Control Lists are set up and the exploit succeeds on machines with System Integrity Protection enabled. Users can proactively defend themselves by locking the login Keychain with an additional password.