11:53 18th Jun, 2015
Researchers Expose Critical Zero-Day Flaw In Apple’s OSX And iOS
Researchers say the flaws were reported back in October.
After Samsung, it now seems to be Apple’s turn to speak up about a massive zero-day flaw (one that gets exploited by hackers before the vendor becomes aware) that exposes personal data not only from native apps, but also from sandboxed third-party apps.
Indeed, Apple customers are going to be asking a ton of questions about this latest security flaw that was discovered by a group of researchers back in October 2014.
The vulnerability revolves around the research team’s ability to build malware that easily got through Apple’s App Store security checks and then allows the attacker to break into the company’s keychain (password storage), steal data from native apps and even break into third-party apps that are sandboxed (meaning that one app cannot communicate with another, for better security).
To begin with, the massive XARA (unauthorized cross-app resource access) flaw was discovered and reported to Apple back in October. To make things worse, even Apple with all its billions did not have the time to get back to the team until it finally asked the team to withhold their research.
Apple did this saying that the company needs about six months to fix the flaws. The flaw was massive in scale, so massive that even third-party app developers who thought their sandboxed applications were safe now have no clue how their now-exposed apps can be protected from the current vulnerability. In February, the Cupertino staffers requested an advance copy of the research paper, but the massive hole has not been plugged just yet.
More importantly, this works for both iOS and Mac OS X platforms. Lead researcher Xing told The Register:
"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."
Indeed, this is something that Apple has to fix, even though the company’s current focus is on iOS 9, as revealed at the WWDC that took place recently. More importantly, with the research papers up, people with wrong intentions can easily cook up something that could put (or already has put) millions of desktops, tablets and smartphones from Apple at risk.