iOS and OS X security flaw exposes passwords from the most “secure” apps

Advertisement

Apple spent a great deal of time talking about security at its WWDC keynote a few days ago, and it makes sense after how bad things got with the recent iCloud security issues it dealt with. As such we’ve seen the company invest in two-step password authentication for iCloud, in addition to other enhancements that are pointed in that direction. The problem is that it seems iCloud isn’t the only insecure Apple service, and today we learn more.

A recent study conducted by six researches from Georgia Tech, Indiana University and Peking University expose a series of vulnerabilities that allow sandboxed malicious apps approved by the App Store to gain access to security data stored in other apps. This thirteen page report named “Unauthorized Cross-App Resource Access on Mac OS X and iOS” explains how inter-app interaction services like Keychain and WebsSocket on OS X, to the URL Scheme on OS X and iOS can indeed be exploited to reveal passwords. Yes, believe it or not, this includes “secure” services like 1Password, AgileBits, etc. The report mentions that:

“We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.”

Obviously this requires for Apple to approve these malicious apps, something which has happened in the past, but gives Cupertino more control over fixing the problem by removing these apps. This study is new so we’ll have to wait and see how Apple addresses this issue.

Source: Report (Google Drive link)
Via: Mac Rumors

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Jaime Rivera
Jaime has been a fan of technology since he got his first computer when he was 12, and has followed the evolution of mobile technology from the PDA to everything we see today. As our Multimedia Manger, he’s been in-charge of growing our YouTube hobby into one of the biggest video channels in the industry. When he’s not building one of our videos, or filming our Pocketnow Daily, he can be found in his second biggest passion, which is running and fitness. Read more about Jaime Rivera!