Top
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps

Unpatched OS X, iOS flaws allow password, token theft from keychain, apps

June 17, 2015

Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security weaknesses in Apple’s OS X and iOS – weaknesses that could be exploited by a sandboxed malicious app to gain unauthorized access to other apps’ sensitive data.

“More specifically, we found that the inter-app interaction services, including the keychain, WebSocket and NSConnection on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote,” they noted.

Read More