Security Researcher Won't Share macOS Keychain Bug

· · Link

Security researcher Linuz Henze found a macOS Keychain bug but won’t share it with Apple out of protest.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility. However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

It is odd that there isn’t a macOS bug bounty but I think withholding security information isn’t the way to go.