A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data

A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.

In a newly-released paper, the research group explained how they tested a series of attacks that were able to bypass security checks, steal passwords, and even critical app data.

The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.

Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."

Basically, these researchers were able to build a malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.

The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."

According to the Register, Xing and his team informed Apple, which asked for six months to deal with issue. The six months have now passed and the vulnerabilities persist, say the researchers.

The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.

The researchers tested this type of attack with large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.

"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secrete tokens and all kinds of sensitive documents."

In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.

Business Insider has reached out to Apple, and we will update the post when we hear back.

You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.

Comments

The EHang 184 Is A Human-Sized Drone Taking Off At CES

We’ve seen some pretty cool stuff on day 1 of CES 2016, but probably nothing more eye-catching than the EHang 184, a human-sized drone built by the Chinese UAV company EHang . Yes you heard right — a giant autonomous drone that fits a human. It’s basically what you would expect to see if someone shrunk you down to the size of a LEGO and stuck you next to a DJI Inspire. Except no one was shrunk, and the giant flying machine was sitting smack in the middle of the CES drone section. EHang, which was founded in 2014 and has raised about $50M in venture fundingto date, was pretty gung-ho about telling everyone at CES that the 184 was the future of personal transport. And for the most part, people were too in awe to question them. But the reality is that the company probably was using the 184 as more of a marketing tool for their standard-sized drones like the Ghost . Not that we’re saying that the 184 will never be a real thing, just that it probably isn’t co...

IT Where

#Responsive_Webdesign start from #7500, #hosting_Service Start from #3300 Per Year #get #your #special offers at Itwhere Pondy #Digital_Marketing , #SEO , #Product_Branding at Itwhere Pondy Email:info@itwheretech.co. in M:+91 9092734853 www.itwheretech.co.in

Western Union Brings Money Transfer And Its Tricky Fees To Chat Apps

Remittance has always been a shady business. Migrant workers need to send money they earn home to their families, but get hit with fine print fees so less cash comes out the other side than they might assume. Remittance companies earn extra by keeping the margin between their own made up exchange rate and the real one. Western Union is the best known remittance company, with 500,000 brick-and-mortar locations around the world. But tech startups like TransferWise, Azimo, and WorldRemit are gunning for the business. They hope to increase convenience and reduce fees to lure customers away from Western Union, Moneygram, and other old-school remittance providers. So Western Union is going digital thanks to partnerships with big messaging apps. It launched its Western Union Connect system in October last year, followed by a partnership with WeChat for sending up to $100. Now it’s getting into bed with Viber , which has over 664 million “unique” users, thou...

Google Announces Android Wear Update With WiFi Support, Always-On Apps, And More

It has been a while since Android Wear got any substantial updates, but today Google is announcing a big one. A new version of Wear will be rolling out over the coming weeks that includes a number of previously rumored features (like WiFi support) and some all new stuff (like always-on apps). Most Wear devices use the always-on ambient mode for the watch face by default, the Moto 360 being a notable exception. The new Android Wear version allows apps to operate in ambient mode too, so they remain active when the watch goes to sleep. That makes it easier to take a quick glance at the app instead of waking the device up and opening the app all over again. The watch will still only go into full-color mode when necessary. WiFi support is also coming in the update, which means your watch can be useful even if your phone isn't connected. Watches with WiFi support will be able to connect to WiFi and still get messages and notifications from your phone, provided it has an interne...

Following Patent Deal, Every Time Apple Sells An iPhone, Ericsson Gets A Bit Of Money

Telecommunications infrastructure company Ericsson just announced that it has reached an agreement with Apple over an ongoing patent dispute. For the next seven years, Apple will pay a fraction of its iPhone and iPad profit to Ericsson in royalties. Back in February, Ericsson filed suits in many different jurisdictions for patent infringement (the International Trade Commission, the U.S. District Court for the Eastern District of Texas, the U.S. District Court for the Northern District of California, as well as courts in the U.K., Germany and the Netherlands). According to the Swedish company, Apple has been violating 41 patents over the past few years with its iPhone and iPad, in particular patents related to GSM, UMTS and LTE technologies. As expected, the two companies have reached an agreement and Ericsson is dropping all of its lawsuits. Today’s news isn’t particularly surprising as Ericsson holds more than 35,000 patents. Many of them are related to wireles...

Exciting Technology

Search This Blog