Security researcher Linuz Henze found a macOS Keychain bug but won’t share it with Apple out of protest.
Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility. However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.
It is odd that there isn’t a macOS bug bounty but I think withholding security information isn’t the way to go.
Check It Out: Security Researcher Won’t Share macOS Keychain Bug
What alternative does he have? He’s played by Apple’s rules and bug bounties are worth way more than Apple will ever pay out for them. If Apple won’t employ such a valuable security researcher, he at least deserves some compensation for his work. It is his job after all.
Apple just recently demonstrated how tone deaf it can be to “not found here” security issues. What ‘security’ representative would tell someone with a Group FaceTime unauthorised listening and video bug – go file a radar?? I don’t care how inundated Apple is with “bugs”, surely that one deserved immediate attention. Confirm the issue over the phone/chat and push the panic button.
Apple can be arrogant. It does things no other company can do, but at the same time, believes it has all the answers inside-the-company. Not-invented-here is legendary at Apple.
I guess it is the age of “protest.” Temper tantrum if people do give you the respect or recognition you think you deserve.
“Henze found a macOS Keychain bug but won’t share it with Apple out of protest.”
How mature of him
So, is the problem that Apple won’t fix the stuff he brings attention to–or that he’s not getting paid for finding it. Hmm.