All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

As an Amazon Associate I earn from qualifying purchases @AMAZON

Consult with Lloyd: cameras, computers, backup, etc...
Lloyd’s Patreon
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.
Newly In Stock: SEE ALL...
Sony Mirrorless wish listDeals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless
$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR
$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR
$720 ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless
$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR
Highly Recommended!
External SSD wish listDeals on OWC
$220 SAVE $130 = 37.0% Western Digital 16.0TB Western Digital Ultrastar DC HC550 3.5-in… in Storage: Hard Drives
$680 OWC 2.0TB OWC Atlas Ultra CFexpress 4.0 Type B Memory Card in All Other Categories
$580 OWC 4.0TB OWC Envoy Pro Elektron USB-C Portable NVMe SSD in All Other Categories
$630 OWC 4.0TB OWC Express 1M2 USB4 (40Gb/s) Bus-Powered Portable NVM… in All Other Categories
$2380 OWC 72.0TB OWC ThunderBay 4 Four-Drive Thunderbolt External Stor… in All Other Categories

Can you Trust Apple with Anything at All? Claimed 0-Day Exploit for Stealing Every Password in Your Keychain on macOS Mojave and earlier macOS

2019-02-04 • SEND FEEDBACK |
Related: Apple, Apple Core Rot, Apple macOS, Apple macOS Mojave, passphrase, security

Update March 1: Linus Henze has provided (for free) the bug details to Apple, with no response and without reward. How can Apple be taken seriously when it ignores severe vulnerabilities like this?

...

The claim by Linus Henze is:

In this video, I'll show you a 0-day exploit that allows me to extract all your keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.

This is not the first time. You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave. I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them.

https://www.youtube.com/watch?v=nYTBZ9iPqsU

Apple talks a good PR story (congratulations to Tim Cook for his persuasion), but the bottom line is that a mind-blowing run of serious security flaws in macOS is prima facie evidence of software development incompetence chained to a calendar-based ship-it-testing-be-damned schedule.

What MPG wants to know is whether Apple acknowledges or denies this bug and (particularly important) if Apple is paying bug bounties for such stuff, so that the Bad Guys don’t get hold of it. Tim? Where’s the beef, is it a nothingburger or what?

iOS

If you were an iOS hacker, would you rather sell a 0-day for $1.5M to a 3rd party, or $0.2M to Apple? Apple cannot be taken seriously on its economicallly illiterate approach to bugs.

iPhone Bugs Are Too Valuable to Report to Apple

View all handpicked deals...

Seagate 22TB IronWolf Pro 7200 rpm SATA III 3.5" Internal NAS HDD (CMR)
$500 $400
SAVE $100

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | X.com/diglloyd
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__