Facebook makes it free and easy to kill latest OS X and iOS zero-days

“The world’s biggest social network does a fair amount of altruistic work, some of it controversial, like Internet.org, some if it just straight-up nice,” Thomas Fox-Brewster reports for Forbes. “Falling firmly into the latter category is ‘osquery’, an open source framework for monitoring operating system security, which has just been updated to detect some serious vulnerabilities affecting Apple’s iOS and Mac OS X.”

“One of the more serious flaws could have been exploited to poison the Keychain in Macs that store passwords and other authenticating data in ‘items.’ It was possible to create malware, get it onto the Apple App Store and have it delete an item of a legitimate app and force it to dump its authenticating information into an attacker-controlled item. That could have given attackers access to all the private data in the good app,” Fox-Brewster reports. “Facebook’s osquery has been given a new tool that exposes what apps are doing on the Keychain to determine if they have malicious intent.”

Read more in the full article here.

MacDailyNews Take: Helpful open source tools like this from Facebook are always welcome!

Apple patches Mac App Store for XARA exploits; additional fixes are ‘in progress’ – June 22, 2015
Major zero-day security flaws in both iOS and OS X allow theft of Keychain, app passwords – June 17, 2015


  1. If humanity worked together more often, we would achieve much more at greater exponential rates.

    The answers to many of humanity’s unanswered questions are likely hidden as pieces of a puzzle within the collective minds of everyone alive.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.