Why Doesn't Apple Have a Mac Bug Bounty Program?

We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode).

• Apple Patches Group FaceTime, Shortcuts Vulnerabilities
• Apple's bug bounty program, launched in 2016
• Apple might pay teenager who found Group FaceTime surveillance bug
• Apple to Remove “Do Not Track” Feature from Safari
• Google Chrome to get warnings for 'lookalike URLs'
• Typosquatting (Wikipedia)
• Josh's tweet from 2012 about AdBlock Plus
• Chrome Canary
• Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest
• Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017)
• Market for zero-day exploits (Wikipedia)
• Two-Factor Authentication Might Not Keep You Safe
• Two-Factor Authorization Apps for iOS
• Kevin Mitnick (Wikipedia)

Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.