Mac OS X and iOS Security Flaw Lets Hackers Steal Your Passwords

dgstorm

Editor in Chief

It seems like there are a multitude of security flaws which get reported in the news at least once a month, and most of the time they turn out to be not that worrisome because they affect a small subset of users. This latest news is potentially more troubling as it also has the attention of Apple themselves.

According to the latest report from security researcher Luyi Xing, Apple iPhone has a serious security flaw in iOS and OS X which will allow hackers to steal all of your passwords (or at least all passwords you have saved in Apple’s Keychain). Xing leads a team of seven researchers from Indiana University, Georgia Institute of Technology and Peking University. They recently discovered a serious zero-day flaw in Apple's Keychain service. Here's a quote with more of the details:

“Recently we discovered a set of surprising security vulnerabilities in Apple’s Mac OS and iOS that allows a malicious app to gain unauthorized access to other apps’ sensitive data such as passwords and tokens for iCloud, Mail app and all web passwords stored by Google Chrome. Our malicious apps successfully went through Apple’s vetting process and was published on Apple’s Mac app store and iOS app store.

“We completely cracked the Keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.”

The good news is that Apple has been alerted to the issue and is working hard to address the problem. The bad news is that Apple has been aware of it since October, but has yet to actually address the issue in any of their latest OS versions.

The video above is a demonstration of the flaw. We felt it was important to share this issue for those who are concerned about security on their Apple devices.

Source: The Register
 
So-called "security researchers" like this are no better than out-and-out hackers. They're in it for the notoriety, not in doing anybody any favours.
 