PDA

View Full Version : Zero-day exploit lets App Store malware steal OS X and iOS passwords !!!



TattooedMac
06-22-2015, 10:03 PM
This is a great read. . . . .

Zero-day exploit lets App Store malware steal OS X and iOS passwords (http://www.macworld.com.au/news/zero-day-exploit-lets-app-store-malware-steal-os-x-and-ios-passwords-138903/#.VYis5WAq6fQ)


What minimises the attack vectors presented by the researchers is that any malicious app has to get into the App Store. Unfortunately for Apple, the paperís authors were able to submit and get approved apps that exploited these weaknesses. They immediately removed them after approval, as they had had their proof of concept.

The paper details four flaws, three of which are unique to OS X. However, without substantial changes, iOS could be subject to one or two additional exploits noted if certain kinds of inter-application or system-wide data storage changes were made.

The researchersí analysis of hundreds of free apps reveals that most are vulnerable to most of these vectors of attack. Agile Bits, developer of 1Password, responded with a blog post on Wednesday (https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/), detailing what the company plans to do, and what users can do to protect themselves.

chas_m
06-22-2015, 11:40 PM
Already patched, with further fixes coming:

http://www.macnn.com/articles/15/06/20/range.of.discovered.vulnerabilities.made.it.possib le.to.intercept.data.between.apps.129150/