Detecting a serious security vulnerability on macOS, this 18-year-old youth refused to disclose it because Apple did not pay the bonus

Linus Henze, an 18-year-old German, recently claimed to have discovered a serious security flaw on macOS that could expose the machine's storage passwords to malicious applications. Although this is only a bug on the Mac, if the Mac is linked to an iCloud account, this error may affect the synced password between the iPhone and the Mac.

It is worth mentioning that Linus Henze decided not to share details about this error on macOS because Apple will not pay bonuses for this type of discovery. This makes Apple unable to fix this vulnerability.

Linus Henze has discovered many different errors on iOS and macOS in the past. And according to Linus Henze, Apple doesn't pay for security vulnerabilities detection on macOS.

Henze said he discovered how to access the Mac's keychain system, which contained all of the user's private keys and passwords. If the bad guys take advantage of this vulnerability and gain important data, the user will be seriously affected.

Henze successfully installed malicious code in the form of a team application for Mac. This allowed him to read the code and password in the keychain system, even "walk around" in the Mark machine without the victim's permission.

There are many ways, both illegal and legal, to allow malicious code to enter the victim's computer. According to Henze's hypothesis, hackers could trick users into accessing a fake website, installing malicious code and stealing the token. From there, hackers can easily access their iCloud account, take up Apple ID and download the keychain from Apple's server.

Henze announced his findings just a week after teenager Grant Thompson, 14, found a security bug in the Group FaceTime feature and might be rewarded with $ 25-200 thousand by Apple.

Please follow Linus Henze's demo video about the keychain vulnerability on macOS.