A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data

A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.

In a newly-released paper, the research group explained how they tested a series of attacks that were able to bypass security checks, steal passwords, and even critical app data.

The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.

Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."

Basically, these researchers were able to build a malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.

The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."

According to the Register, Xing and his team informed Apple, which asked for six months to deal with issue. The six months have now passed and the vulnerabilities persist, say the researchers.

The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.

The researchers tested this type of attack with large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.

"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secrete tokens and all kinds of sensitive documents."

In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.

Business Insider has reached out to Apple, and we will update the post when we hear back.

You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.

Comments

Visa confirms Coinbase wasn’t at fault for overcharging users

Yesterday, we wrote that Coinbase customers were being charged multiple times for past transactions. While some speculated that the erroneous withdraws were down to a Coinbase engineering issue, Coinbase issued a statement saying it wasn’t liable for the duplicate charges. The blame, instead, rested with Visa for the way it handled a migration of merchant categories for cryptocurrencies, Coinbase said. While you can read my post yesterday for an in-depth description of what happened, the basic gist is that Visa refunded and recharged (under a different merchant category) a month of old transactions. Many users saw the recharge come through before the refund processed, making it look like they were double charged. Honestly, the issue was likely exacerbated by existing payment rails — it’s normal for refunds to take multiple days to show up on credit and debit statements. But here’s where it gets weird — this morning Visa issued a statement to some publications shifting the blam...

LeafLink Raises $750K To Become Salesforce For The Cannabis Industry

LeafLink , an NY-based wholesale management platform for the cannabis industry, has closed a $750k seed round led by group of NY angel investors. The software platform is designed to support participants in a B2B supply chain, providing basic tools designed to save money for retailers and allow producers to get better pricing for their product. These tools will include a centralized location to view correspondence between buyers and suppliers, inventory and order tracking tools, and a portal to discover new products and services so users can source leads and close deals from within the platform. Founders Ryan Smith and Zach Silverman explained that they “believe cannabis regulation and distribution is moving toward mimicking the alcohol industry with regional distributors and nonsensical supply chain participants”. By focusing on creating a supply chain similar to the alcohol industry, the company hopes to eventually be the universally accepted way for buyer...

SoftBank Lands $236M From Alibaba And Foxconn To Bring Its Pepper Robot To The World

Remember Pepper, the intelligent robot that SoftBank unveiled last year ? Pepper goes on sale in Japan this coming weekend, but in advance of that launch SoftBank has revealed that Alibaba and manufacturer Foxconn have invested $118 million each in its robotics division. That deal will give Alibaba and Foxconn 20 percent shares in SoftBank Robotics Holdings (known as SBRH), with SoftBank retaining a dominant 60 percent stake. “SoftBank, Alibaba and Foxconn will build a structure to bring Pepper and other robotics businesses to global markets, and cooperate with the aim of spreading and developing the robotics industry on a worldwide scale,” SoftBank said in its announcement. SoftBank isn’t short on money, of course — it is building up quite a portfolio of e-commerce investments across Asia — but its two partners bring know-how, strategy and global networks to the table. So, it looks like Pepper has eventual world domination plans. Or, at least, ...

Intel announces the first 14 nanometre processor

At the Computex conference in Taipei, chipmaker Intel has revealed a fanless mobile PC reference design using the first of its next-generation 14nm "Broadwell" processors. The 2 in 1 pictured here is a 12.5" screen that is just 7.2 mm thick with keyboard detached and weighs 670 grams. The Surface Pro 3 – for comparison – is 9.1 mm thick and weighs 800 grams. It includes a media dock that provides additional cooling for a burst of performance. The next-generation chip is purpose-built for 2 in 1s and will hit the market later in 2014 . Called the Intel Core M, it will be the most energy-efficient Intel Core processor in the company's history with power usage cut by up to 45 percent, resulting in 60 percent less heat. The majority of designs based on this new chip are expected to be fanless, with up to 32 hours of battery life, offering both a lightning-fast tablet and razor-thin laptop. Intel is also delivering innovation and performance for the ...

Apple to release new small phone before iPhone 7

Apple to release new small phone before iPhone 7 Apple is to create a smaller, cheap version of the iPhone, persistent to the 4 inch size of the iPhone 5. Apple is testing 5 different iPhone 7 models. It will sell next to Apple’s existing phones however mark the first time that Apple has ready a latest phone smaller than the one it locate on sale before. There will be the choice of 2 or three colours likely the gold, space grey and silver options that mainly Apple products now coming up. Other than inside there will be very much better components. The flagship improve will be the addition of the A9 chip that powers the iPhone 6S. There may also be a number of changes to the outside. The most able to be seen is apt to be the addition of the somewhat curved edges that are found on the iPhone 6 and 6S. careinfo.in Apple dropped the iPhone 5C previous this year. A number of hoped that it would be replaced by a 6C, though reports at the time made clear that we...

Exciting Technology

Search This Blog