Zero-day flaw in Apple iOS and Mac OS X reveals user passwords



According to The Register, six university researchers have revealed deadly zero-day flaws in Apple’s iOS and OS X, claiming it is possible to crack Apple’s password-storing keychain, break app sandboxes, and bypass its App Store security checks. Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being detected.

The Register also says of this zero-day flaw:

“Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months”

According to the research team, they were able to upload malware to Apple’s app stores, passing the vetting processes without triggering any alarms. That malware, when installed on a victim’s Mac, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

“Our malicious apps successfully went through Apple’s vetting process and was published on Apple’s Mac app store and iOS app store.

“We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.”

Lead researcher Luyi Xing told El Reg he and his team complied with Apple’s request to withhold publication of the research for six months, but had not heard back as of the time of writing.

They say the holes are still present in Apple’s software, meaning their work will likely be consumed by miscreants looking to weaponize it.

Furthermore, Apple was not available for immediate comment on this matter.

For more information, you can head over to The Register and read the complete technical document published.


About author

siba 698 posts

A B.Tech degree holder with more than 5 years of experience on Embedded Systems design domain. He has worked on Aerospace domain, NAND storage, Server storage and Wireless networking.
