Security Flaw In iOS and OS X Allows Password Theft


Security researchers from Indiana University, Peking University and Georgia Institute of Technology have revealed critical vulnerabilities in iOS and OS X that allow attackers to steal credentials from Apple’s password management system, Keychain.

In a paper titled "Unauthorized Cross-App Resource Access on Mac OS X and iOS", the researchers published their findings and demonstrated how it’s possible to upload malware to the App Store and the Mac App Store by circumventing Apple’s vetting process.

"We found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote," the group wrote in the paper.

The researchers told The Register that Google's Chromium security team removed keychain integration for Chrome, saying the issue could likely not be solved at the application level.

The researchers reported the vulnerabilities to Apple in October 2014, but the flaws still exist in the most recent versions of Apple’s software.


A malicious app (even sandboxed) on OS X stealing Facebook passwords from Google Chrome browser - Video:


A malicious sandboxed app on OS X is reading/writing container directories of other sandboxed apps from different developers - Video:

