
A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data





A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.
In a newly released paper, the research group explained how they tested a series of attacks that were able to bypass security checks and steal passwords and even critical app data.
The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.
Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."
Basically, these researchers were able to build malware that was uploaded to Apple's App Store in the form of a typical app and was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.
The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."
According to the Register, Xing and his team informed Apple, which asked for six months to deal with the issue. The six months have now passed and the vulnerabilities persist, say the researchers.
The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.
The researchers tested this type of attack with a large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like the password manager 1Password and Google Chrome.
"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secret tokens and all kinds of sensitive documents."
In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.
Business Insider has reached out to Apple, and we will update the post when we hear back.
You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.
