“Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps,” Ben Lovejoy reports for 9to5Mac. “The claims appear to have been confirmed by Apple, Google and others.”
“The Register says the team reported the flaws to Apple in October of last year. At that time, Apple said that it understood the seriousness of the flaws and asked the researchers to give it six months to address them before the exploit was made public,” Lovejoy reports. “In February, Apple requested an advance copy of the paper, yet the flaws remain present in the latest versions of both operating systems.”
Read more in the full article here.
“The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those store within Google Chrome,” Darren Pauli reports for The Register. “Some 88.6 percent of 1612 Mac and 200 iOS apps were found ‘completely exposed’ to unauthorised cross-app resource access (XARA) attacks allowing malicious apps to steal otherwise secure data.”
Read more in the full article here.
MacDailyNews Take: Let’s be careful out there.
Hopefully, Apple will have a response ASAP.