Linus Henze, an 18-year-old kid from Germany, has discovered a bug that gives access to the keychain (the password management system) built into macOS. But the researcher has decided not to help Apple fix the bug.
The vulnerability discovered by Henze leaves stored passwords open to malicious apps. This means that your login credentials for your bank, Netflix, Amazon, and many other websites may be compromised because of the bug. Although the bug is specific to macOS, it may also put your iCloud keychain at risk. What makes the bug dangerous is that it does not require any admin access to retrieve passwords from a user's keychain file. Moreover, it can also retrieve the contents of other keychain files that hold passwords for other macOS users.
Henze believes that Apple’s bug bounty policies are downright wrong when it comes to macOS. Talking to Forbes, he said: “It's like they don't really care about macOS,” expressing his frustration with Apple’s policy of not paying researchers for disclosing macOS bugs. He further explained that discovering such bugs takes time, and that paying researchers is something that can help Apple make macOS more secure.