Linuz Henze, a security researcher has discovered a major bug in Apple’s macOS that could possibly allow a hacker to steal passwords from the Keychain on your device.
The bug allows access to passwords that are stored in the Keychain and it is demonstrated in the video below.
Linuz Henze has decided not to share the bug with Apple out of protest because Apple’s bounty program which pays developers who have found bugs only Apple;s to their iOS software and not their macOS software.
He ha also shared details on how you can protect yourself from this happening to you. You need to lock the login Keychain by adding an additional password, this is not default and not easy to enable.
Hopefully Apple will fix this bug and also expand their bounty ;program to include macOS as well as iOS.
Source 9 to 5 Mac