In an interview with the German tech site Heise, security researcher Linus Henze said the vulnerability allows a malicious application running on a macOS system to access passwords stored in the Keychain, the password management system built into all distributions of macOS. The exploit is highly efficient because the malicious app does not need admin access to retrieve passwords from the user's keychain file, and it can even retrieve the contents of other keychain files that store passwords for other users of macOS.

Henze has not published proof-of-concept code to support his findings, except for a YouTube video, but a well-regarded Apple security researcher confirmed in today’s Forbes article that the exploit exists and works as described in the interview with the German news website.

Before going public with his video, Henze did not report the vulnerability to Apple. The primary reason he cited was the company’s lack of a bug bounty program for macOS. For other products, Apple runs bug bounty programs, but not for macOS.

Speaking to ZDNet, Henze said Apple’s security team reached out yesterday after his research started to get attention in the media. The Apple security team asked for more details, but he declined unless they start a bug bounty for macOS and reward security researchers for the bugs found in macOS.

“Even if it looks like I’m just doing it for money, in this case it’s not my motivation,” Henze told ZDNet today. “My motivation is to get Apple to create a bug bounty program. I think it’s the best for Apple and researchers.”

“I really love Apple products, and I want to make them better, and I believe the best way to make them safe is if Apple creates a bug bounty program (as other big companies already have),” the researcher told us.

Before the publication of this article, an Apple spokesperson did not return a ZDNet comment request.

Henze’s macOS zero-day, which he calls KeySteal, is somewhat similar to another macOS zero-day called KeychainStealer, which Patrick Wardle identified in September 2017. Coincidentally, Wardle is the independent Apple security expert who confirmed Henze’s zero-day today for Forbes.
A New Zero-Day macOS Exploit, KeySteal, Allows Users to Steal Passwords - Cybers Guards