Major Security Flaw in iOS and OS X Lets Attackers Steal Passwords From Any Installed App [Video]

Major Security Flaw in iOS and OS X Lets Attackers Steal Passwords From Any Installed App [Video]

Posted by · 12954 views · Translate

Security researchers have found a way to crack Apple's keychain making it possible to steal passwords from any installed app including the native the Mail app without being detected, reports The Register.

Indiana University's Luyi Xing, Xiaolong Bai, XiaoFeng Wang, and Kai Chen, joined Tongxin Li of Peking University and Xiaojing Liao of Georgia Institute of Technology to publish the paper Unauthorized Cross-App Resource Access on MAC OS X and iOS.

"Recently we discovered a set of surprising security vulnerabilities in Apple's Mac OS and iOS that allows a malicious app to gain unauthorised access to other apps' sensitive data such as passwords and tokens for iCloud, Mail app and all web passwords stored by Google Chrome," Xing told The Register. "Our malicious apps successfully went through Apple’s vetting process and was published on Apple’s Mac app store and iOS app store."

"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."

The security flaws are still present in Apple's operating system today despite being submitted to Apple in October 2014. About 88.6% of 1612 Mac and 200 iOS apps tested were found to be "completely exposed" to this attack.

Notably, Apple may not have issued a fix yet due to the complexity of resolving it. Apple asked the researchers to grant them a six month extension before disclosing the vulnerability and in February asked them to see an advance copy of the research paper before it went public.

When notified of the bug, Google's security team removed Keychain integration from their Chrome browser and noted that it likely could not be solved at the application level. AgileBits, who makes 1Password, said it could not find a way to ward off the attack or make the malware "work harder" some four months after its disclosure.

"Note that not only does our attack code circumvent the OS-level protection but it can also get through the restrictive app vetting process of the Apple Stores, completely defeating its multi-layer defense," said the researchers.

We've yet to hear a statement from Apple on the matter but hopefully the company can address the issue in a future software update. Please follow iClarified on Twitter, Facebook, Google+, or RSS for updates.

Read More

Where da steve - June 19, 2015 at 10:27pm
Apple got nothing else to copy thus they are copying security flaws. Nice innovation!!
Flozz - June 20, 2015 at 1:48am
Apple is trying to make iOS secure. What copy? What if this is the same hacker that applies to anything else? You gonna assume that's copying to? How about the exact number of people's devices affected, huh?
Patrikcze007 - June 18, 2015 at 5:32pm
Has anyone read that document (study) ? Probably not because immediately on the first page is written that even Microsoft, Android and others have the same issue. But in case of android it is function which is probably appreciated but in case of Apple it is vulnerability. Yes it is, so wait. probably is not easy to be fixed, but I assume that apple will fix it soon and all of us will be upset again, because applications wouldn't be able to share data between them.
Flozz - June 18, 2015 at 8:07pm
Sad for that? We have jailbreak and sometimes even that fixes it.
OHHdontCHaknow - June 18, 2015 at 9:18am
duh nsa puts these flaws in on purpose and when they are found out they are fixed and new ones implemented till next round big brother man theres always a way some not intentionally made by apple or thier software writers tho --dont cha member when apple openly admited that they knew nsa had means of accessing thier devices and then turned around and denied it later
14 More Comments