Security Flaw In iOS and OS X Allows Password Theft
Security researchers from Indiana University, Peking University and
Georgia Institute of Technology have revealed critical
vulnerabilities within iOS and OS X that allow attackers to steal
credentials from Apple’s password management system, Keychain.
In a paper titled "Unauthorized Cross-App Resource Access on Mac OS X and iOS",
the researchers published their findings and demonstrated how it is
possible to upload malware to the App Store and the Mac App Store by
circumventing Apple’s vetting process.
"We found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL
Scheme on OS X and iOS, can all be exploited by the malware to steal
such confidential information as the passwords for iCloud, email and
bank, and the secret token of Evernote," the group wrote in the paper.
The researchers told The Register
that Google's Chromium security team removed keychain integration for
Chrome, saying the issue could likely not be solved at the application
level.
The researchers reported the vulnerabilities to Apple in October
2014, but the flaws still exist in the most recent versions of Apple’s
software.