Why Doesn't Apple Have a Mac Bug Bounty Program?

We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode).

• Apple Patches Group FaceTime, Shortcuts Vulnerabilities


• Apple's bug bounty program, launched in 2016


• Apple might pay teenager who found Group FaceTime surveillance bug


• Apple to Remove “Do Not Track” Feature from Safari


• Google Chrome to get warnings for 'lookalike URLs'


• Typosquatting (Wikipedia)


• Josh's tweet from 2012 about AdBlock Plus


• Chrome Canary


• Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest


• Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017)


• Market for zero-day exploits (Wikipedia)


• Two-Factor Authentication Might Not Keep You Safe


• Two-Factor Authorization Apps for iOS


• Kevin Mitnick (Wikipedia)

Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.