• Security Flaws in iOS and Mac OS X Leave Your Keychain Access Passwords Wide Open



    iOS and Mac OS X are regarded by Apple as extremely secure operating systems, but it seems like security researchers have a new trick up their sleeve every time Apple blinks an eye.

    The newest security flaws are known as zero-day exploits and affect the security of your passwords stored in the Keychain Access application, as well as other password-sensitive applications on your machine, whether it's an iOS or OS X device. The malicious code can be a part of any sand-boxed application on your machine, such as the ones you download from the Mac App Store, and can put your security at huge risks.



    The exploits are effective across a wide range of applications and features on a Mac or iOS mobile device, including iPassword, Chrome, Dropbox, Evernote, Instagram, Pocket, and many others, as MacRumors notes.

    Much like the case of the E-mail phishing HTML bug that we reported on about a week ago, the researchers behind this exploitation process went to Apple first and haven't heard back from the company in more than 6 months. As a result, Luyi Xing, the lead security researcher, is now publicizing their work to attempt to raise awareness and exacerbate the problem enough to force Apple to immediately fix the problem.

    This is big and Apple needs to fix it. The company was probably too busy working on stability updates for OS X El Capitan and iOS 9 to answer the needs of the researchers in the time requested. Apple will certainly fix the problem in due time now that the public is aware of it.

    Sources: Full Report via MacRumors
    This article was originally published in forum thread: Security Flaws in iOS and Mac OS X Leave Your Keychain Access Passwords Wide Open started by Anthony Bouchard View original post
    Comments 5 Comments
    1. Ambi_Valence's Avatar
      Ambi_Valence -
      Soon there are going to be a lot of Apple fans eating a lot of humble pie.
    1. dsg's Avatar
      dsg -
      Shame they didn't give us a fix for it as we'll
    1. Zokunei's Avatar
      Zokunei -
      They really do need to get faster about fixing major bugs like this. Safari ranks dead last in browsers for security response time.
    1. swifty7's Avatar
      swifty7 -
      is Apple doing this on purpose for not giving Jailbreak makers a chance to work on one by constantly releasing new firmwares? This is ridiculous!!! the way I see it, I don't think we'll ever see another jailbreak again. I think I might just update my iphone to the latest firmware and as much as it pains, forget about jailbreak. I guess in the end, Apple won the battle.
    1. dsg's Avatar
      dsg -
      the worst part of this is they got there malicious app on to the iOS and Mac OS Appstore. (I found the original report more informative) Which means we could all unwittingly install an app that on the surface looks benign, but is actually digital cancer that steals your information and/or identity



      Sent from my iPhone using Tapatalk
  • Connect With Us

  • Twitter Box

  • Facebook