Skip to main content

A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data


tim cook



A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.
In a newly-released paper, the research group explained how they tested a series of attacks that were able to bypass security checks, steal passwords, and even critical app data.
The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.
Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."
Basically, these researchers were able to build a malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.
The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."
According to the Register, Xing and his team informed Apple, which asked for six months to deal with issue. The six months have now passed and the vulnerabilities persist, say the researchers. 
The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.
The researchers tested this type of attack with large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.
"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secrete tokens and all kinds of sensitive documents."
In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.
Business Insider has reached out to Apple, and we will update the post when we hear back.
You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.

Comments

Popular posts from this blog

SoftBank Lands $236M From Alibaba And Foxconn To Bring Its Pepper Robot To The World

Remember Pepper,  the intelligent robot that SoftBank unveiled last year ? Pepper goes on sale in Japan this coming weekend, but in advance of that launch  SoftBank has revealed  that Alibaba and manufacturer Foxconn have invested $118 million each in its robotics division. That deal will give Alibaba and Foxconn 20 percent shares in SoftBank Robotics Holdings (known as SBRH), with SoftBank retaining a dominant 60 percent stake. “SoftBank, Alibaba and Foxconn will build a structure to bring Pepper and other robotics businesses to global markets, and cooperate with the aim of spreading and developing the robotics industry on a worldwide scale,” SoftBank said in its announcement. SoftBank isn’t short on money, of course — it is building up quite a portfolio of e-commerce investments across Asia — but its two partners bring know-how, strategy and global networks to the table. So, it looks like Pepper has eventual world domination plans. Or, at least, ...

Five budget-friendly open source storage servers

Storage is essential for the enterprise: Data must be stored. Data must be retrieved. Data must be shared. Data must be secured. At the same time, storage must not consume the entirety of your IT budget. Fortunately, you can find effective solutions in the world of open source. Outside of cost effectiveness, one of the biggest benefits of these solutions is the ability to modify them to perfectly fit your needs. You can make minor changes or even roll your own storage solution based on one of these tools. If you want enterprise support and a "solution in a can" that will meet just about any enterprise storage need, you should turn to Red Hat or SUSE. Both Linux-based companies offer some of the most powerful enterprise-ready tools on the market. But if you'd rather get your hands dirty and craft something of your own—something that won't demolish your budget—these five open source tools are a great place to start. 1: ownCloud ownCloud ( Figure ...

Apple Releases First Battery Case To Eat Third-Party Accessory Makers’ Lunch

In a surprise move, Apple just announced an external battery case for the iPhone 6s. Named the  iPhone 6s Smart Battery Case , the battery extends the battery life of your iPhone 6s by up to 25 hours. The new accessory is available in black and white for $99 starting today. Let’s start with the design. Apple is using silicone as the main material like on its other cases. The company doesn’t disclose the capacity of the battery except that you’re supposed to get 18 to 25 hours of extra battery. Like third-party battery cases, Apple uses a Lightning male port at the bottom to plug your iPhone. You can charge the case using a traditional Lightning cable — most third-party batteries rely on a microUSB cable. Apple’s accessory also works with the iPhone 6 and it looks like there isn’t a 6 Plus and 6s Plus version. The Smart Battery Case features an unfortunate hump at the back. Mophie’s  Juice Pack  design is a bit sleeker compared to Apple’s official accessory. Apple...

Apple to release new small phone before iPhone 7

Apple to release new small phone before iPhone 7 Apple is to create a smaller, cheap version of the iPhone, persistent to the 4 inch size of the iPhone 5. Apple is testing 5 different iPhone 7 models. It will sell next to Apple’s existing phones however mark the first time that Apple has ready a latest phone smaller than the one it locate on sale before. There will be the choice of 2 or three colours likely the  gold, space grey  and silver options that mainly Apple products now coming up. Other than inside there will be very much better components. The flagship improve will be the addition of the A9 chip that powers the iPhone 6S. There may also be a number of changes to the outside. The most able to be seen is apt to be the addition of the somewhat curved edges that are found on the iPhone 6 and 6S. careinfo.in Apple  dropped the iPhone 5C previous this year. A number of hoped that it would be replaced by a 6C, though reports at the time made clear that we...