
A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data





A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.
In a newly released paper, the research group explained how they tested a series of attacks that were able to bypass security checks and steal passwords and even critical app data.
The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.
Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."
Basically, these researchers were able to build malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.
The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."
According to the Register, Xing and his team informed Apple, which asked for six months to deal with the issue. The six months have now passed and the vulnerabilities persist, say the researchers.
The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.
The researchers tested this type of attack with a large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.
"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secret tokens and all kinds of sensitive documents."
In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.
Business Insider has reached out to Apple, and we will update the post when we hear back.
You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.
