- Joined
- May 19, 2009
- Messages
- 8,428
- Reaction score
- 295
- Points
- 83
- Location
- Waiting for a mate . . .
- Your Mac's Specs
- 21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
This is a great read. . . . .
Zero-day exploit lets App Store malware steal OS X and iOS passwords
Zero-day exploit lets App Store malware steal OS X and iOS passwords
What minimises the attack vectors presented by the researchers is that any malicious app has to get into the App Store. Unfortunately for Apple, the paper’s authors were able to submit and get approved apps that exploited these weaknesses. They immediately removed them after approval, as they had had their proof of concept.
The paper details four flaws, three of which are unique to OS X. However, without substantial changes, iOS could be subject to one or two additional exploits noted if certain kinds of inter-application or system-wide data storage changes were made.
The researchers’ analysis of hundreds of free apps reveals that most are vulnerable to most of these vectors of attack. Agile Bits, developer of 1Password, responded with a blog post on Wednesday, detailing what the company plans to do, and what users can do to protect themselves.