Friday, July 31, 2015

Major security flaws leave iOS and OS X vulnerable to password theft

Guys, read this carefully: make sure you don't use Google Chrome with Keychain until they find a fix for it. Stay safe, guys; our passwords are the most important things to us. Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as from both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others.



"We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."

The Register says the team reported the flaws to Apple in October of last year. At that time, Apple said that it understood the seriousness of the flaws and asked the researchers to give it six months to address them before the exploit was made public. In February, Apple requested an advance copy of the paper, yet the flaws remain present in the latest versions of both operating systems …


Researchers were able to upload malware exploiting the vulnerabilities to both iOS and Mac App Stores, despite Apple’s vetting. The compromised apps were approved for both platforms.

The team say that they tested the exploit against a wide range of both Mac and iOS apps, and found that almost 90% of them were “completely exposed,” allowing the malware full access to data stored in the apps – including logins.



Based on a video released by the team, a commentator on Hacker News appears to be correct in suggesting that while the malware cannot directly access existing Keychain entries, it can do so indirectly by forcing users to log in manually and then capturing those credentials in a newly created entry.

"Keychain items have access control lists, where they can whitelist applications, usually only themselves. If my banking app creates a keychain item, malware will not have access. But malware can delete and recreate keychain items, and add both itself and the banking app to the ACL. Next time the banking app needs credentials, it will ask me to reenter them, and then store them in the keychain item created by the malware."

For now, the best advice would appear to be to be cautious in downloading apps from unknown developers – even from the iOS and Mac App Stores – and to be alert to any occasion where you are asked to log in manually when that login is usually done by Keychain.
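On the developer side, the ACL behaviour described in the Hacker News comment suggests a check before an app stores credentials: refuse to reuse an entry it did not create or whose ACL lists anyone else. The sketch below is an added example, not code from the researchers or from Apple; `ToyKeychain` is a toy model rather than the real Keychain API, and the app identifiers and sample entry are constructed.

```python
from dataclasses import dataclass

@dataclass
class Item:
    creator: str        # app that created the entry
    acl: frozenset      # apps allowed to read the secret
    secret: str = ""

class ToyKeychain:
    """Toy model of per-item ACLs; not the real Keychain API."""
    def __init__(self):
        self.items = {}  # (service, account) -> Item

    def create(self, caller, key, acl):
        self.items[key] = Item(creator=caller, acl=frozenset(acl))
        return self.items[key]

    def read(self, caller, key):
        item = self.items[key]
        if caller not in item.acl:
            raise PermissionError(f"{caller} is not on the ACL")
        return item.secret

def unexpected_readers(item, app_id):
    """ACL entries other than the app itself."""
    return sorted(item.acl - {app_id})

def store_checked(kc, app_id, key, secret):
    """Store a secret only in an entry this app created with an ACL limited
    to itself. Returns the unexpected readers found on a pre-existing entry."""
    item = kc.items.get(key)
    found = []
    if item is not None:
        found = unexpected_readers(item, app_id)
        if found or item.creator != app_id:
            item = None  # do not trust the existing entry; replace it
    if item is None:
        item = kc.create(app_id, key, {app_id})
    item.secret = secret
    return found

def demo():
    # Constructed state: an entry for the bank's service created by another app
    kc = ToyKeychain()
    key = ("bank.example", "alice")
    kc.create("com.example.other", key, {"com.example.other", "com.example.bank"})
    flagged = store_checked(kc, "com.example.bank", key, "hunter2")
    return kc, key, flagged
```

A non-empty return value from `store_checked` is also a signal worth logging or surfacing to the user, since it means some other app prepared the entry before the credentials were entered.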

As ever, the best practice is never to allow either your browser or a password manager to store your most sensitive logins, such as for online banking.

 
Copyright © 2015 Go Phone World