Security researcher Linus Henze found a macOS Keychain bug but won’t share it with Apple out of protest.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility. However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain vulnerability.

It is odd that there isn’t a macOS bug bounty but I think withholding security information isn’t the way to go.

  • What alternative does he have? He’s played by Apple’s rules and bug bounties are worth way more than Apple will ever pay out for them. If Apple won’t employ such a valuable security researcher, he at least deserves some compensation for his work. It is his job after all.

    Apple just recently demonstrated how tone deaf it can be to “not found here” security issues. What ‘security’ representative would tell someone with a Group FaceTime unauthorised listening and video bug – go file a radar?? I don’t care how inundated Apple is with “bugs”, surely that one deserved immediate attention. Confirm the issue over the phone/chat and push the panic button.

    Apple can be arrogant. It does things no other company can do, but at the same time, believes it has all the answers inside-the-company. Not-invented-here is legendary at Apple.