
Can you Trust Apple with Anything at All? Claimed 0-Day Exploit for Stealing Every Password in Your Keychain on macOS Mojave and earlier macOS

The claim by Linus Henze is:

In this video, I'll show you a 0-day exploit that allows me to extract all your keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.

This is not the first time. You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave. I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them.

https://www.youtube.com/watch?v=nYTBZ9iPqsU

Apple talks a good PR story (congratulations to Tim Cook for his persuasion), but the bottom line is that a mind-blowing run of serious security flaws in macOS is prima facie evidence of software development incompetence chained to a calendar-based ship-it-testing-be-damned schedule.

What MPG wants to know is whether Apple acknowledges or denies this bug and (particularly important) if Apple is paying bug bounties for such stuff, so that the Bad Guys don’t get hold of it. Tim? Where’s the beef, is it a nothingburger or what?

iOS

If you were an iOS hacker, would you rather sell a 0-day for $1.5M to a 3rd party, or $0.2M to Apple? Apple cannot be taken seriously on its economically illiterate approach to bugs.

iPhone Bugs Are Too Valuable to Report to Apple


Copyright © 2019 diglloyd Inc, all rights reserved.