Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on.

That just seems to be about granting an app access to all keys, which is not quite the same as per-app keys.

I know that macOS has this for sandboxed apps from the app store, maybe they have it for “sideloaded” apps as well but at least most OSes don’t have that. At least for Windows and Linux there isn’t a good way to identify an “app” to separate it from any other. My macOS knowledge is rusty but IIRC you install apps in a system-owned directory and apps only have permission to update themselves so maybe you could use the application path as a key, but the other listed affected OSes don’t have that.

☆ Yσɠƚԋσʂ ☆

I’m not familiar with windows, but here’s an example of how secrets management works on Linux.

Create a post

Confidentiality Integrity Availability

  • 1 user online
  • 1 user / day
  • 1 user / week
  • 5 users / month
  • 33 users / 6 months
  • 2 subscribers
  • 178 Posts
  • Modlog