German Researcher Gives Apple Details of Mojave Keychain Flaw, Despite no Bug Bounty

LONDON – Security researcher Linus Henze handed over all the details of a macOS Keychain bug he discovered, AppleInsider reported. This is despite not receiving any money from Apple. The company does not have a bug bounty program. Mr. Henze had previously withheld the information. He wanted Apple to start offering a bug bounty for security flaws that researchers bring to it. He discovered an exploit which allowed apps to see passwords held in the macOS Mojave keychain.

German teenager Linus Henze has sent Apple full details of a Keychain security exploit that he demonstrated in early February, and has done so despite the company ignoring his previous conditions. Henze says that he has decided to reveal the details to Apple because the bug he’s found “is very critical and because the security of macOS users is important to me.”

Air Force Bug Bounty Program Goes Live For Hackers

Today the Air Force announced a program for sharing vulnerabilities that it will launch next month. The Air Force bug bounty program will let hackers comb several public Air Force websites for software vulnerabilities. Cash prizes are available for discovered bugs, and the program also does something that others of its kind don’t. Andrew Orr reveals all.