Jump to content

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

securitybreach

By securitybreach
in Security & Networking

 Share

Recommended Posts

securitybreach

securitybreach

Posted
Posted

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks.

Attackers can steal passwords from installed apps, including the native email client, without being detected, by exploiting these bugs.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts. That malware, when installed on a victim's device, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Lead researcher Luyi Xing told El Reg he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing.

They say the holes are still present in Apple's software, meaning their work will likely be consumed by attackers looking to weaponize the work.

Apple was not available for immediate comment.........

 

http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...