
A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data





A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.
In a newly released paper, the research group explained how they tested a series of attacks that were able to bypass security checks and steal passwords and even critical app data.
The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.
Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."
Basically, these researchers were able to build malware that was uploaded to Apple's App Store in the form of a typical app and was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.
The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."
According to the Register, Xing and his team informed Apple, which asked for six months to deal with the issue. The six months have now passed and the vulnerabilities persist, say the researchers.
The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.
The researchers tested this type of attack with a large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.
"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secret tokens and all kinds of sensitive documents."
In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.
Business Insider has reached out to Apple, and we will update the post when we hear back.
You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.
