A macOS <= 10.14.3 Keychain exploit
KeySteal is a macOS <= 10.14.3 Keychain exploit that allows you to access passwords inside the Keychain without a user prompt. The vulnerability has been assigned CVE-2019-8526 number.
KeySteal consists of two parts: 1. KeySteal Daemon: This is a daemon that exploits securityd to get a session that is allowed to access the Keychain without a password prompt. 2. KeySteal Client: This is a library that can be injected into Apps. It will automatically apply a patch that forces the Security Framework to use the session of our keysteal daemon.
Add a link to my talk about this vulnerability at Objective by the Sea
For most files, see LICENSE.txt.
The following files were taken (or generated) from Security-58286.220.15 and are under the Apple Public Source License: * handletypes.h * sstypes.h * ucsptypes.h * ucsp.hpp * ucspUser.cpp
A copy of the Apple Public Source License can be found here.