Keychain ignored setting for default keychain.
| Originator: | pepi.zawodsky | ||
| Number: | rdar://15613217 | Date Originated: | 09-Dec-2013 12:10 AM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 9.0 (55153) |
| Classification: | Security | Reproducible: | Always |
Summary: Keychain.app on OS X ignores the setting for the user's set default keychain file and adds items to “Local Keychain”. This can expose critical information to insecure devices and US governmental surveillance through unwanted iCloud keychain sync. Steps to Reproduce: Select any keychain as default keychain. Login to a website. When prompted to save the password klick OK. Expected Results: The password item should only be added to the default keychain chosen by the user. Actual Results: The item is added to the Local Items keychain without informing the user about this and the user's choice of default keychain is ignored. Regression: The default keychain selection has worked poperly from Mac OS X 10.0 up to and including OS X 10.8.5. The Local Keychain is _untrusted_ by me since it may expose any item to iCloud sync at any time without my consent exposing my private information to Apple's servers, NSA surveillance or other institutions which I absolutely cannot tolerate. Notes: Exporting a user's personal and considered private information in the OS X keychain without the user's consent has legal implications resulting in the illegibility of Apple products to be used due to severe security concerns.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!