A huge security flaw has been discovered in Apple devices that could allow hackers to steal your passwords and data

A group of security researchers have discovered an alarming vulnerability in Apple's mobile and desktop operating systems.

In a newly-released paper, the research group explained how they tested a series of attacks that were able to bypass security checks, steal passwords, and even critical app data.

The vulnerability was discovered to exist on Apple devices including the iPhone, iPad, and Mac computers.

Due to the way Apple built apps to communicate with each other, the paper writes, researchers were able to "steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote."

Basically, these researchers were able to build a malware that was uploaded to Apple's App Store in the form of a typical app, which was then able to steal credentials from the existing apps on the researchers' phones. These credentials include passwords and other precious app data that's supposed to be off-limits.

The lead researcher, Luyi Xing, told the Register that his team was able to "gain unauthorized access to other apps' sensitive data such as passwords and tokens from iCloud, Mail app and all web passwords stored by Google Chrome."

According to the Register, Xing and his team informed Apple, which asked for six months to deal with issue. The six months have now passed and the vulnerabilities persist, say the researchers.

The ramifications of these findings could be huge. Very little has been written about the potential cross-app vulnerabilities in Apple's software, and this discovery shows some huge holes certainly exist.

The researchers tested this type of attack with large sample of Apple apps and found that "more than 88.6%" were completely exposed. These include extremely popular apps like password manager 1Password and Google Chrome.

"The consequences of these attacks are serious," the paper concludes, "including leak of user passwords, secrete tokens and all kinds of sensitive documents."

In short, this vulnerability could quickly become bad news for Apple if hackers or other malicious parties take advantage of the security holes, and there's no way to know if any attacks utilizing this method have already been carried out. For Apple's part, the company needs to figure out a way to patch the vulnerability across both its iOS and Mac OS X operating systems.

Business Insider has reached out to Apple, and we will update the post when we hear back.

You can watch a video showcasing how a malicious app can utilize the vulnerability to steal stored passwords from Google Chrome.

Comments

Montana-based mapping startup onXmaps raises a round of funding fit for Big Sky Country

A mapping startup based in Missoula, Mont., which allows users to download sophisticated offline topographic maps outlining public and private lands and a number of other features geared towards hunting, fishing and camping, has pulled in its first major outside funding. onXmaps has closed a $20.3 million Series A round led by Summit Partners. Bessemer Venture Partners, Millennium Technology Value Partners, Next Frontier Capital and NBCUniversal CEO Steve Burke also participated in the round. The company is calling the fundraise one of the biggest ever among startups based in Montana. onX Hunt app This is impressively the first bout of outside funding that the 70-person startup has ever taken since being founded in 2009. The company’s founder and CEO Eric Siegfried, an avid outdoorsman himself, had created a more basic program to integrate these maps with his own Garmin GPS. After finding his friends were interested in having a product like this too, he put down $27k of his...

Best Web Design Company in Pondicherry

#Technology has two faces. We all feel it, but sometimes can’t find words to describe it. #Ebooks are the best example to show the 0-1 nature of emotions the #technology evokes. #itwhere provide a #Best #solutions to #Growyourbusiness feel free to drop a #Mail info@itwheretech.co.in www.itwheretech.co.in

Visa confirms Coinbase wasn’t at fault for overcharging users

Yesterday, we wrote that Coinbase customers were being charged multiple times for past transactions. While some speculated that the erroneous withdraws were down to a Coinbase engineering issue, Coinbase issued a statement saying it wasn’t liable for the duplicate charges. The blame, instead, rested with Visa for the way it handled a migration of merchant categories for cryptocurrencies, Coinbase said. While you can read my post yesterday for an in-depth description of what happened, the basic gist is that Visa refunded and recharged (under a different merchant category) a month of old transactions. Many users saw the recharge come through before the refund processed, making it look like they were double charged. Honestly, the issue was likely exacerbated by existing payment rails — it’s normal for refunds to take multiple days to show up on credit and debit statements. But here’s where it gets weird — this morning Visa issued a statement to some publications shifting the blam...

Here’s how to keep track of Elon Musk’s Roadster and Starman in space

Elon Musk’s Starman, the mannequin driver of the Tesla Roadster SpaceX launched aboard its Falcon Heavy rocket, is taking a trip around our solar system, in a large elliptical orbit that will bring him relatively close to Mars, the Sun and other heavenly bodies. But how to track the trip, now that the Roadster’s onboard batteries are out of juice and no longer transmitting live footage? Thanks to the work of Ben Pearson, a SpaceX fan and electrical engineer working in the aerospace industry, who created ‘Where is Roadster,’ a website that makes use of JPL Horizons data to track the progress of the Roadster and Starman through space, and to predict its path and let you know when it’ll come close to meeting up with various planets and the Sun. The website tells you the Roadster’s current position, too, as well as its speed and whether it’s moving towards or away from Earth and Mars at any given moment. It’s not officially affiliated with SpaceX or Tesla, but it is something Elon...

Engineering against all odds, or how NYC’s subway will get wireless in the tunnels

Never ask a wireless engineer working on the NYC subway system “What can go wrong?” Flooding, ice, brake dust, and power outages relentlessly attack the network components. Rats — many, many rats — can eat power and fiber optic cables and bring down the whole system. Humans are no different, as their curiosity or malice strikes a blow against wireless hardware (literally and metaphorically). Serverless software deployment to the cloud, this is not. New York City officially got wireless service in every underground subway station a little more than a year ago, and I was curious what work went into the buildout of this system as well as how it will expand in the future. That curiosity is part of a series of articles I’ve written on an observed pattern known as cost disease, the massively inflating costs of basic human services like health care, housing, infrastructure, and education. The United States spends trillions of dollars on each of these fields, massively outspending sim...

Exciting Technology

Search This Blog