Remember that researcher who found an exploit in macOS that allows for password theft, and who wasn’t going to hand it over until Apple instituted a bug bounty program for macOS? Well, he caved.
I’ve decided to submit my keychain exploit to @Apple, even though they did not react, as it is very critical and because the security of macOS users is important to me. I’ve sent them the full details including a patch. For free of course.
— Linus Henze (@LinusHenze) February 28, 2019
Well, he is doing the right thing, as getting exploits like this off the street is important. But Apple really dropped the ball here, as they should have a bug bounty program for macOS. Otherwise, these exploits will simply end up on the dark web and be used for evil. While I hope that Apple changes course here, I really don’t expect them to, as they clearly have lost the plot when it comes to the security of their platform.