Rene Ritchie reports for iMore, “‘Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store,’ an Apple spokesperson told iMore. ‘We have additional fixes in progress and are working with the researchers to investigate the claims in their paper.'”
“The XARA exploits, recently disclosed to the public in a paper titled Unauthorized cross-app resource access on Mac OS X and iOS, target the OS X Keychain and Bundle IDs, HTML 5 WebSockets, and iOS URL schemes,” Ritchie reports. “While they absolutely need to be fixed, like most security exploits, they have also been needlessly conflated and overly sensationalized by some in the media. So, what’s really going on?”
Much more in the full article – recommended – here.
MacDailyNews Take: A good article that puts the issue in perspective.
SEE ALSO:
Major zero-day security flaws in both iOS and OS X allow theft of Keychain, app passwords – June 17, 2015
Interesting article. I suspect that Apple has already scanned and sanitized the App Store for the most obvious XARA exploits. And it is good to hear that Apple is working to bolster OS X and iOS security against these types of attacks.
Companies are typically reserved when it comes to talking about actual or potential IT security vulnerabilities. I am not surprised that Apple has kept quiet about XARA, especially if the security fix is still in work.
Since the sanitizing occurred only recently, perhaps a suggestion to re-download any apps a user may have DLed in the past 6 months or so is in order to make sure the users’ systems are ‘clean’ of the obvious XARA exploits.